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Carnegie Mellon University's Mountain View, Calif., campus. 

MASTERING SOFTWARE 
MANAGEMENT AT CMU 

Academic program bridges IT, business 



BY ALAN ZEICHICK 

The old military building that 
Carnegie Mellon University calls 
its Mountain View, Calif., campus 
is dwarfed by a nearby zeppelin 
hanger. But the building, housed 
in the Moffett Federal Airfield, 
formerly a naval air station and 
currently operated by NASA, 
northwest of San Jose in the heart 
of Silicon Valley, offers one of the 
most modern educational pro- 
grams: the new Masters of Science 
in Software Management. 

Carnegie Mellon, based in 
Pittsburgh, has been offering 
courses in Northern California 
since 2002. The cornerstone of the 
small, 150-student extension cam- 
pus, formally called Carnegie Mel- 
lon West, has been its traditional 
Masters of Computer Engineering 
course. However, CMU says that 
the new Masters of Software Man- 
agement program, which launches 
this fall, is one of the first pro- 
grams of its sort in the world. 

The intent of the program, 



explained Diane Dimeff, associate 
dean, is to serve working software 
professionals. 'We talked to hiring 
managers and executives in Silicon 
Valley," she said. "We want techies 
who can talk to executives, mar- 
keting professionals and financial 
experts. We want them to think 
like executives, marketing profes- 
sionals and financial experts." In 
other words, groom the next gen- 
eration of business leaders, who 
can apply computer science and 
software development both for 
entrepreneurial startups and Sili- 
con Valleys largest behemoths. 

To be part of the Masters in 
Software Management program, 
the prerequisite is that students 
already be working as software 
engineers, project managers or as 
senior software developers or soft- 
ware architects. In many ways, the 
new program can be thought of as 
a specialized Masters of Business 
Administration program for soft- 
ware managers. It's not a true 
continued on page 26 ► 



Sun r Harmony Project 
Hit Discordant Note 



BY ALEX HANDY 

With Harmony nearing comple- 
tion, the focus now is on the Java 
Compatibility Kit (JCK). This 
suite of software tests and intel- 
lectual property agreements is all 
that stands between Harmony 
and the title of "compatible Java 
implementation." But as the 
Apache Software Foundation 
argued in an April 10 open letter 
to Sun Microsystems CEO 
Jonathan Schwartz, it's the intel- 
lectual property and the software 



patents associated with imple- 
menting Java that could keep 
Harmony from being certifiably 
compliant. 

Harmony is an Apache- 
licensed form of Java SE 5 — the 
JSR 176-compliant edition of 
Java 2 version 1.5. Sun, mean- 
while, is working on a now-con- 
firmed GPLv2-licensed Java SE 
6 — the JSR 270-compliant form 
of Java 2 version 1.6. 

Geir Magnusson Jr., the lead 
developer on the Harmony pro- 



ject, drafted the open letter to 
Sun. In it, he wrote: "The JCK 
license Sun is offering imposes 
IP rights restrictions through 
limits on the 'field of use' avail- 
able to users of our software. 
These restrictions are totally 
unacceptable to us." 

Specifically, Magnusson said 
that Sun's license for the JCK not 
only defines a method for testing 
compatibility, but also grants 
amnesty for any patents or intel- 
continued on page 26 ► 
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When Technologies Collide 

SaaS, SOA, Web 2.0 thrown at managers 

BY DAVID S. LINTHICUM 

IT departments will soon face some new challenges as software as 
a service, service-oriented architecture and the next-generation 
Web (Web 2.0) begin to have an effect on the modern enterprise. 
The days of managing IT departments as their own private 
fortresses of company information will disappear as IT becomes a 
global community. Critical elements of your customer, product 
and business data and processes will be populated by sources 
beyond your firewalls to become true real-time systems that deliv- 
er and integrate information as diverse as up-to-the-minute cus- 

continued on page 24 ► 

David S. Linthicum is the CEO of the Linthicum Group, a SOA 
consulting and advisory firm. 



WebMethods 
Acquired By 
Software AG 

Purchase bolsters 
SOA r market share 

BY DAVID WORTHINGTON 

Software AG has made a US$546 
million cash tender offer to 
acquire WebMethods, which sells 
SOA and integration software. 

The combined company will 
compete in both the service- 
oriented architecture (SOA) and 
business process management 
systems markets with a customer 
base of over 4,000 organizations 
and 100 partners, more than 
doubling Software AG's presence 
in North America. 

Jason Bloomberg, an analyst 

with ZapThink, commented on 

the acquisition: "This is huge 

news in the SOA space, because 

continued on page 25 ► 
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WebLogic Server 1 Goes Beyond Java EE 5 

BEA's enhancements deliver annotations; WebLogic Workshop now based on Eclipse 



BY DAVID WORTHINGTON 

When it released WebLogic 
Server 10 on March 30, BEA 
Systems made no bones about 
it; the company considers this 
to be a significant release. First 
and foremost, BEA imple- 
mented Java EE 5 in WebLog- 
ic with its own enhancements 
for developers. In addition, 
WebLogic now supports a 
wider set of specifications for 
Web services. 

Blake Connell, director of 
WebLogic Server product mar- 
keting at BEA, said that the pri- 
mary focus for WebLogic 10 
was to implement Java EE 5. 
BEA introduced annotations 
that enhance the implementa- 
tion by making deployment 
descriptor files optional. 

Annotations eliminate the 
need to support XML files to 
describe these transactions, but 
WebLogic still supports its lega- 
cy method, said Connell. BEA 
open-sourced its JPA imple- 
mentation as an Apache Project 
called OpenJPA. 

The JavaBeans 3.0 platform 
and IDE come with the territo- 
ry. Connell pointed to the Java 



Persistence API (JPA), a com- 
ponent of Java EE 5 and EJB, 
as a key pillar of the release. 
JPA manages transactions for 
information storage and re- 
trieval within data stores. 

MORE CHOICE 

BEA has shed some of its pro- 
prietary ways: WebLogic Work- 
shop is now Eclipse-based, 
and as such, it can merge into 
developers' existing Eclipse 
environments. This provides de- 
velopers with a single Eclipse 
instance that has access to 
BE As Web services technology, 
said Connell. 

Also, the Spring and Apache 
Struts frameworks can now be 
used to build applications for 
WebLogic. 

The Spring framework is a 
system for assembling compo- 
nents using configuration files. 
BEA collaborated with Inter- 
faces 1, the group behind the 
Spring framework, to mix 
Spring-style development with 
Java EE 5 development. 
Apache's Struts framework is 
used to build Servlet/JSP based 
Web applications and integrates 



with WebLogic. Con- 
nell noted that BEA 
wants to extend sup- 
port beyond its native 
framework so that 
developers can choose 
which development 
makes sense for them. 

According to Con- 
nell, BEA has adopt- 
ed JAX-WS (Java 
API for XML-based 
Web Services) 2.0 as 
the centerpiece for 
building Web services 
going forward, for 
WebLogic 10 and 
beyond. JAX-WS can 
leverage BEA's anno- 
tations style. 

BEA is using Web 
standards to reach 
for broad interoperability: It 
has adopted JAXB (Java Archi- 
tecture for XML Binding) for 
Java-to-XML translation. In the 
simplest of terms, this means 
that Java code binds to XML 
results to create XML-based 
Web services that work with 
Microsoft's .NET platform. 

Connell said the advantage 
of this is that Java developers 




The administration console displays domain resource and configuration information. 



can leverage their Java skills to 
create XML-based services. 
JAXB also uses annotations, but 
JAX-RPC (Java API for XML- 
Based RPC) is still supported as 
an alternative. 

Last, service deployment has 
been refined. The administra- 
tion console automatically re- 
cords multistep functions and 
replays them through Web- 



Logic's scripting tool to add 
some pep to deployments. 
Rolling upgrades reduce down- 
time, and clustering improve- 
ments are designed to provide 
high availability. 

BEA will release an update 
to WebLogic 10 before the end 
of the year. Its feature set will 
be largely determined by cus- 
tomer feedback, said Connell. I 



Microsoft Earns Merit Patches for Security 

But is Redmond's medicine the right pill for dealing with new exploits' 



BY DAVID WORTHINGTON 

Microsoft has taken a lot of hits 
for perceived lack of security in 
its software. In response, Bill 
Gates gave the company's secu- 
rity experts carte blanche to 
change that perception by 
improving the security of its 
products. Over time, this result- 
ed in the remediation process 
that its Security Response team 
follows today. But is that 
process effective enough to 
protect customers? 

When either the security 
community or its own internal 
experts discover a potential 
problem, the team takes the 
lead and starts a process that 
begins with triaging the issue 
and then coordinates the securi- 
ty response activities that follow. 

The team's first priority is 
scoping the exploit. After an 
issue is discovered, it passes 
through triage, and product- 
specific security experts are 
designated to investigate the 



scope and impact of the threat 
on an affected product, before 
the Secure Windows Initiative 
team evaluates the overall 
impact it may have on other 
Microsoft products, said Mark 
Miller, director of the Microsoft 
Security Response Center 
(MSRC). 

Mike Reavey, operations 
manager of MSRC, expounded 
on this process in a April 3 Secu- 
rity Response Center Blog post- 
ing discussing a flaw in the way 
that Windows handles animated 
cursors and what Microsoft has 
done about it. 

Reavey wrote in his blog that 
the team "drives for release" 
after it determines the vulnera- 
bility can be reproduced. The 
remediation is prioritized based 
upon severity, said Miller, anal- 
ogous to the way hospital emer- 
gency rooms prioritize their 
critically ill patients. But 
exploits, like illnesses, can be 
evasive: The exact number of 



the afflicted is not always 
known up front. 

From the start of the 
process, all possible surround- 
ing issues are investigated. The 
triaging emphasizes the discov- 
ery of as many related issues as 
is possible. Often, this means 
that related vulnerabilities must 
be resolved to completely solve 
the problem, due to dependen- 
cies between Windows and oth- 
er Microsoft products, Reavey 
wrote in his blog. 

For example, MS07-017, 
the remedy for the animated 
cursor exploit, fixed not one 
but seven vulnerabilities. 
Reavey explained, in his blog, 
that Microsoft's customers 
want security updates to be as 
comprehensive as possible. 
"Customers do not want to 
have to apply multiple updates 
to address issues in the same 
components." 

The next step in Microsoft's 
investigative process is to create 



and test security updates, a 
process that Reavey wrote takes 
an average of two months for 
Windows-related updates, in- 
volving hundreds of individuals 
worldwide. Reavey acknowl- 
edged that the testing process 
can run a longer course when 
updates modify functionality 
that is "pervasive and core to 
the operating system." 

In the case of an exploit 
where customers are exposed to 
imminent risk, the level of 
urgency decides Microsoft's 
willingness to "shortcut" steps 
in the process — such as quality 
testing — to release on a faster 
timeline. The team weighs 
risk versus comprehensiveness 
when customers are vulnerable 
to exploits, Reavey wrote. 

MICROSOFT'S FALLOUT 

Microsoft Product Support Ser- 
vices and the company's Securi- 
ty Response Team work collec- 
tively to distribute prescriptive 



information to customers. "We 
have made a number of 
enhancements over the last 
year to provide quality informa- 
tion to customers, particularly 
when issues require real-time 
clarity and guidance, such as 
through security advisories, the 
MSRC blog, publishing inci- 
dent pages, Webcasts, RSS 
feeds and syndication of our 
content," Miller said. 

Once a patch is released, 
Microsoft's Security Engineering 
Strategy team works to prevent 
recurrence by establishing new 
processes and tools, and builds 
defensive measures against simi- 
lar threats into upcoming prod- 
ucts, Miller added. 

Another group decides 
whether or not Microsoft is pro- 
viding enough defense-in-depth: 
the right security products and 
services to protect customers 
against emerging threats. The 
Trustworthy Computing Team 
looks outside of itself and works 
with the industry to, as Miller 
said, "improve the security of the 
Internet ecosystem." 

If there is a suspicion that 

criminal activity is involved, said 

continued on page 26 ► 



COVERITY FINDS THE DEADLY 
DEFECTS THAT OTHERWISE 
GO UNDETECTED. 



Your source code is one of your organization's most valuable assets. How can you be sure there are no 



and security vulnerabilities, which help remove the obstacles to writing and deploying complex software. 
With Coverity, catastrophic errors are identified immediately as you write code, assuring the highest possible 
code quality — no matter how complex your code base. FREE TRIAL: Let us show you what evil lurks in your 



code. Go to www5.coverity.com to request a free trial that will scan your code and identify defects hidden in it. 



(f coverity 

Your code is either coverity clean — or it's not. 
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It's Exam Time at The 
School of Secure Coding 

High marks hard to come by, predict toolmakers 



BY JENNIFER DEJONG 

There's a new programming 
test on the horizon, and most 
professional developers work- 
ing today won't pass it. 

That's what application secu- 
rity toolmakers said about the 
forthcoming series of examina- 
tions expected from the SANS 
Institute later this year. The 
tests and a related certification 
program are designed to assess 
a developer's ability to write 
code that is difficult to crack. 
"Results will show that develop- 
ers don't have the skills," said 
Watchfire CTO Mike Weider. 
"Most have never been trained 
to write secure code, and the 
test will highlight that." 

SANS (which stands for 
Sys Admin, Audit, Network, 
Security) expects to begin ad- 
ministering the exams in Wash- 
ington, D.C., on a pilot basis in 
August, followed by a worldwide 
rollout later this year, said Alan 
Paller, director of research at the 
for-profit organization that pro- 
vides information security train- 
ing and certification offerings. 
Six language-specific exams are 
planned: for C, C++, Java/J2EE, 
Perl, PHP and .NET/ASP. 

Lending support to the 
SANS effort are key application 
security toolmakers, including 
Cenzic, Fortify, Ounce Labs, 
SPI Dynamics and Watchfire. 
The toolmakers are working 
with SANS to formulate test 
questions. They won't take a cut 
of the sales of the SANS secure 
coding offerings, expected to 
cost US$10-$200 per program- 
mer for skills assessment alone, 
and $400 per programmer for 
assessment and certification, 
according to Paller. But the 




Watchfire's Weider says the tests 
will show that most developers 
lack the skills to write secure code. 

partnership has obvious bene- 
fits for them. 

"Any investment in applica- 
tion security is good for us," said 
Weider. 

The tests will help create 
awareness of why secure coding 
matters, echoed SPI Dynamics 
security evangelist Michael Sut- 
ton. "Historically, we have not 
asked developers to care about 
security," he said. "Yesterday, 
security wasn't a concern of 
developers, but today it is." 

Getting that message across 
has been difficult for applica- 
tion security toolmakers, which 
sell black-box testing offerings, 
which simulate attacks to find 
flaws that hackers might exploit 
to steal data, and source code 
analyzers, which scan for vul- 
nerabilities. Despite the steady 
news of data breaches, compa- 
nies have been slow to adopt 
application security tools. 

According to Yankee Group 
analyst Andrew Jaquith, the 
code assurance market mea- 
sures less than US$30 million in 
size, as reported earlier by SD 



SOFTWARE INSECURITY 




Early in 2007, the SANS Institute analyzed all critical security 
vulnerabilities discovered and reported during 2006 as a means 
of identifying the specific programming errors that caused those 
vulnerabilities. The research team, led by Rohit Dhamankar, of 
3Com, found that three programming errors were responsible for 
more than 85 percent of those critical vulnerabilities. 
Error 1: Accepting input from users without validating and sani- 
tizing the input. 

Error 2: Allowing data placed in buffers to exceed the length of 
the buffer. 
Error 3: Handling integers incorrectly. 

Source: www.sansssi. org/top_ three.pdf 



Times ("Analyst: Code Scan- 
ning Won't Stand on Its Own," 
April 1, page 1). 

MEASURING EXPERTISE 

The exams are designed to mea- 
sure fundamental areas of 
secure coding expertise. "It's not 
about 'What is a SQL injec- 
tion?'" said Ounce Labs co- 
founder and chief scientist Ryan 
Berg. Instead, the test measures 
whether a developer knows 
"how to do things the right way 
in terms of security," he said. 
"How do you validate input 
properly? Can you use error 
handling in Java? Do you know 
about code access security in 
.NET?" 

SANS and its partners began 
formulating questions in a meet- 
ing in Miami in February, said 
Berg, who participated in the 
gathering. "It's hard to write good 
questions," he said. "We don't 
want to trick the [test taker]. We 
don't want to make him read the 
question three times in order to 
figure out what's being asked." 

Devising the questions is an 
ongoing process, with toolmak- 
ers and other contributors 
offering continual input, noted 
Paller. "We need thousands of 
questions." 

Asked if developers would 
take a test they might fail, tool- 
makers insisted that getting an 
A is not the point. "It's not nec- 
essarily a scorecard," Berg said 
of the SANS exams. "It's a way 
of figuring out where you stand 
in terms of secure coding 
expertise." 

SANS is also emphasizing 
the assessment test as a starting 
point. The inaugural certifica- 
tion exam will be administered 
in Washington, D.C., in August. 
But developers can take the 
skills assessment without neces- 
sarily going for certification, 
noted Paller. 

"The assessment is all posi- 
tive," he said, relating a story 
about a development manager 
who took one of the sample 
tests, then asked his team mem- 
bers to take it as well. "He 
failed. And his team failed," 
said Paller. "But taking the test 
is about getting a better under- 
standing of what you know and 
what you don't," added Berg. I 
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Sun Microsystems announced on April 10 the donation of ZFS admin- 
istration features to the OpenSolaris community, along with other 
storage-related donations. These include parallel NFS (NFS 4.1), 
YANFS (Yet Another NFS, formerly WebNFS), the Point-In-Time Copy 
and Remote Mirror data services, iSCSI and SCSI OSD (Object-Based 
Storage Device) drivers and related software from both QLogic and Sun. 



NEW PRODUCTS 



Swell Software, a provider of graphics software for embedded devices, 
has announced the availability of the PEG Pro GUI development solu- 
tion for the creation of graphical applications in automotive, consumer 
electronics and medical imaging devices. It allows rapid prototyping 
hosted on Windows and Linux/XH platforms and targets many embed- 
ded processors . . . Aldon, a provider of process-driven ALM solutions, 
announced in early April the release of a new edition of Aldon Life- 
cycle Manager. Version 7.5, which was created exclusively for IBM's 
System i (the former AS/400 and iSeries) platform, offers conflict pro- 
cessing capabilities to help developers remedy conflicts in the devel- 
opment of multiple versions of software applications. The System i edi- 
tion of Lifecycle Manager also has enhanced compare and merge 
functionalities, to simplify software upgrades. 



, UPDATES , 



Artifact Software, a provider of software development management 
solutions, has introduced a version of Lighthouse that offers tools to 
manage tasks, costs and resources. The new release fuses custom 
methodology and reports with timesheets, reguirements manage- 
ment, bug tracking, test management and issue tracking . . . LogiXML 
has added geographic information system data and technology to its 
Web-based business intelligence platform, Logi 8. The GIS mapping 
features allow for geographic representations of spatial components 
involved in business data, according to LogiXML officials . . . Idea- 
Blade, a provider of enterprise application development tools and com- 
ponents for the Microsoft .NET Framework, has announced version 
3.5 of its DevForce framework. The newest version of DevForce 
includes object-relational mapping, the ability to monitor the validity 
of objects, and the ability to retrieve rules based on the code at run- 
time ... Hit Software, which offers real-time data integration, 
data synchronization and data access products, has announced ver- 
sion 5 of Allora, a set of design-time tools and a runtime engine 
enabling secure XML-to-database mapping and bidirectional transfor- 
mation. The new version introduces the Allora Workflow Manager, a 
graphical layout editor for creating and executing management tasks 
. . . 4D has announced the release of 4th Dimension 2004.6, the 
company's application and database development tool. The new 
version has full support for Windows Vista and is available for free 
at www.4d.com . . . VoiceSignal announced on April 5 the release 
of VSuite 3.1, a major redesign of the company's mobile speech plat- 
form. The company claims that user trials on mass-market hardware 
against the previous version showed up to a 75 percent improvement 
in accuracy and a 47 percent faster task-completion time for new 
users . . . HelloSoft launched its VoIP solution for Symbian OS devices 
on April 4. HelloDual-Mode is available now to device manufacturers 
wishing to incorporate VoIP into their mobile phones and other devices 
. . . XenSource's XenEnterprise now works with Microsoft's Windows 
2000 server products, the company announced April 2. The paravir- 
tualization tools now support up to eight processors on Windows Serv- 
er 2003 and XP, according to the company . . . FatWire announced on 
April 11 the general availability of FatWire Content Server 7, offering 
user-defined tags, enhanced full-text search, and new interfaces for 
managing content and layout . . . TeleSoft International has added a 
pre-ported version of its CompactSIP SDK for Windows Mobile 5.0 
to its lineup, allowing chip and device makers to add standards- 
based VoIP support to Windows Mobile devices. CompactSIP is built 
around a Pocket PC ARM emulator and supports a wide range of 
embedded environments, including pre-ported implementations for 
Linux, Nucleus, ThreadX, VxWorks, Windows CE and Windows Mobile. I 
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AJAX in Mashups on the Rise, Survey Says 



BY JEFF FEINMAN 

A survey conducted by Evans 
Data found that 30 percent of 
AJAX developers say they will 
enable end-user mashup de- 
velopment within the year, but 



almost half have no intention 
of letting the masses get their 
paws on the technology. 

Evans' 2007 AJAX Develop- 
ment Survey also shows that 
nearly 4 out of 5 developers are 



using AJAX for Web applica- 
tions and 39 percent are using 
it for rich Internet applications 
(RIAs). John Andrews, CEO of 
Evans Data, explained that 
these figures reflected that the 



majority of developers using 
AJAX are Web developers. 

But AJAX isn't just for the 
Web, according to the survey: 
Another 39 percent of develop- 
ers reported that they were using 
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it to create server-centric appli- 
cations, which include CRM, 
database and ERP applications. 

The use of AJAX has 
increased greatly in recent 
months, and more than one- 
quarter of the 400 participants 
in the survey said they expect 
to see AJAX usage grow by 50 
percent next year. 

The survey also noted that 
it is becoming increasingly 
possible for end users to cre- 
ate their own mashups by 
assembling information with 
application builders that act as 
glue. This functionality is 
enabled by programmers 
who build libraries of core 
technologies that form the 
basis of components struc- 
tured around business 
processes, as well as develop- 
ers that use APIs to build 
these components. The end 
user can then create many dif- 
ferent types of mashups, 
including data mashups for 
widgets and Web services, 
process mashups or collabora- 
tive applications that support 
core business processes, or 
enterprise mashups that com- 
bine information from enter- 
prise search engines, Web ser- 
vices, business intelligence 
engines and many other 
places. 

CONTROL ISSUE 

Currently, 8 percent of AJAX 
developers are facilitating 
mashup creation for end users, 
and 23 percent said they 
would do so within the year, 
according to the Evans Data 
survey. However, 48 percent 
of the AJAX developers that 
participated in the survey said 
they have no plans to ever 
allow end users to create their 
own mashups. 

"Enterprises right now con- 
tinue to be very reluctant to 
release that control," Andrews 
said when asked about the 
high number of developers 
who said they have no plans to 
allow end-user mashup cre- 
ation. "The largest majority 
of people doing AJAX and 
mashups are solution pro- 
viders, system integrators and 
consultants, so they want to do 
their own mashups. I do think 
that over time the number of 
developers that allow end 
users to create their own 
mashups is going to increase 
tremendously." I 
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Intel Ships Tuning Tools for Multicore Processors 



BY ALEX HANDY 

Intel released new versions of 
its analysis and profiling tools 
in early April that the company 
claims will help developers to 
program and optimize parallel- 
processed applications. 

First among these is VTune 
Performance Analyzer 9.0, 
which Intel's marketing chief for 
the project admitted will mop 
up some of the sloppier aspects 
of its processor-based informa- 
tion gathering. Also updated at 
the same time were Intel's 
Thread Checker 3.1, Thread 
Profiler 3.1 and Threading 
Building Blocks 1.1, described 
as "a template library for paral- 
lelism" by Intel marketing direc- 
tor James Reinders. 

Reinders has put the finish- 
ing touches on a book about 
Threading Building Blocks, his 
personal passion. "For people 
that are into C++ development 
and understand the Standard 
Template Library, this will feel 
just like a glove," he said. 

Reinders noted that Thread- 
ing Building Blocks 1.1 in- 
cludes some automation and 
refinements that should help to 
make it easier to use, adding 
that the building blocks kit 
costs US$299, and includes free 
updates for one year. 

'PRECISE EVENTS' 

Intel also updated VTune Per- 
formance Analyzer to version 
9.0 in April, adding support for 
Windows Vista. Thanks to new 
processor designs, it can more 
accurately discern where trou- 
bles are caused. 

Reinders explained that pre- 
viously, "[CPUs] didn't tell you 
exactly where something was 
happening in the system, be- 
cause they called an interrupt 
and then they pushed the mem- 
ory address onto the stack. That 
interrupt might be delayed, so 
[the push would] be one or two 
instructions after the access. This 
version actually captures the 
address and holds it till the inter- 
rupt happens. We call those pre- 
cise events,'" he added. VTune 
costs $699, and includes free 
updates for one year. 

Thread Checker, said Rein- 
ders, goes after bugs that are 
specific to parallel computing. 
"None of the profilers out there 
have any comprehension of this 
type of bug. Thread Checker is 
the only tool we know of that 
can dynamically link to a pro- 



gram and check for those bugs," 
he claimed. 

Finally, Intel's Thread Profil- 
er brings a higher-level view of 
performance tuning. Noted 
Reinders: "Thread Profiler 



shows you what's happening to 
the various threads of applica- 
tions, regardless of how you 
built them. That's often enough 
for a developer to go in and 
tune an application, just know- 



ing where the stalls are." 

Intel Thread Profiler costs 
$399, while Thread Checker 
costs $999 for Windows and 
$499 for Linux; the Linux ver- 
sion offers fewer GUI ele- 



ments, although it is function- 
ally identical to the Windows 
version. 

Both Thread Profiler and 
Thread Checker are now com- 
patible with Windows Vista. I 
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TIBCO Touts Predictive Business 

BusinessEvents 2.0 helps users understand when events need attention 



BY DAVID WORTHINGTON 

Business events can seem as 
countless as grains of sand. But 
when simple events have been 



aggregated and correlated, you 
could end up with a heap. 
TIBCO Softwares BusinessEv- 
ents 2.0, which became generally 



available on April 23, processes 
discreet events and applies busi- 
ness rules to help users under- 
stand when events are really situ- 



ations that require attention. 

The product's capacity to use 
rules effectively has matured 
since its initial release last year. 
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by LEAD Technologies 
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everything is included, together with per 
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Intel processors. 
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According to TIBCO, Business- 
Events has new rule functionali- 
ty to analyze and debug rules. It 
has also been given a higher 
capacity for events and resolves 
unbounded memory leaks. 

The rule analyzer does what 
the name says: It analyzes rules 
and collects statistics on perfor- 
mance, evaluating and ranking 
each based on efficiency. It also 
displays dependencies, or how 
one rule or rule object relates to 
another. Its rule debugger per- 
forms impact analysis for rule 
changes and searches for 
abnormalities. 

'HEAVY LISTENING' 

What's more, BusinessEvents 
contains a new API to embed 
event processing into other 
applications. Regardless, the 
BusinessEvents infrastructure 
can "listen" to events that appli- 
cations are generating, and in 
most cases, there is no need for 
applications to change, said 
Nelson Petracek, director of 
the advanced technologies 
group at TIBCO. 

Petracek explained how 
businesses could become "pre- 
dictive" by acting on the sys- 
tem's ability to identify threats 
and opportunities. This re- 
quires a partnership between 
business operations and IT pro- 
fessionals to build on the core 
rules, and respond faster to 
subtleties by capturing and 
leveraging events, he said. 

"Ideally, IT should give the 
end user the ability to modify 
the system, without going back 
to them. Other BRMSes [Busi- 
ness Rule Management Sys- 
tems] make inferences based on 
models; this product does heavy 
listening," said Alan Lundberg, 
senior product marketing man- 
ager for TIBCO. "It deals with 
the bulk to instrument and mea- 
sure events, using real data 
instead of models." 

"The emphasis for large 
organizations over the last five 
years has been a transition to 
becoming a more agile enter- 
prise, capable of quickly 
responding to change and chal- 
lenges within the marketplace," 
said Philip Howard, research 
director for data at Bloor 
Research. "The logical next 
step is to move from being reac- 
tive to proactive, by predicting 
those changes in advance." I 
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JetBrains TeamCity 2.0 Goes Both Ways 



Eclipse, Visual Studio plug-ins extend collaboration features 

BY ALEX HANDY of that company's IntelliJ adds productivity plug-ins for opers to observe the build sys- 

JetB rains' TeamCity collabora- IDEA. With the release of both Eclipse and Microsoft tern as it aggregates their 

tive development environment TeamCity 2.0 in mid- April, the Visual Studio to the package. check-ins, compares changes 

is no longer restricted to users integrated team environment These plug-ins allow devel- and displays the results of test 




i/Dundas 

/fir Data Visualization 



Now available for SharePoint 2007 

Build custom executive dashboards with 
data visualization solutions from Dundasi 

Dtindas Chart, Map and Gauge offer the la Lest a ward- winning 
tcr.hnalocjtei that Fortune 5DO companies acFOSs she globe- crust la 
create advanced custom d?shbo*nd applications 

As the leader in data visualization solutions mr .NET, SQLServer 
Reporting Services 2005 an rT low SharePoint 2007, Dunda^'s 
products are all designed to gwe you the tools you need to easily 
vi&uakxe all ytiur KPh .ind oshsr critical data. 

Want some help building and designing dashboards? Visit 
www.dundas.com/5DTime5 to tttd the Dashboard tiest Practices 
Whitepa.per, 



£&$ 



f" 









5 

^ 


! 


3 




p 




* = 










." i_r :.nr:- 


| 




I 

I 








iDundas 



Dund&s 



Duodai 



Chart Gauge Map 



SSr 



Arable n?r: 




SharePoint SQL Reporting 
2007 Services 



www. d u n da s.co m 

M'jfroqfr frji-paraLicri in thR- United EitatK anrtfar cthor countries, 




GOLbCEftritLEB 



p^ti M^nsBomefli £oflu1*m* 



www.dundH.cDm 
info&Pdundas.ccim 

(SOT) 463 -MM 



Advanced Data H'sua frzation for Microsoft Technologies 



batteries, all while still inside of 
their favorite IDE. And devel- 
opers who've come to love 
IntelliJ IDEA also have some- 
thing to cheer about: A new 
beta release of version 7.0 
arrived in April as well. 

TeamCity is a server-based 
Web application that can be used 
for continuous integration of 
code and testing, as well as build 
management and code analysis 
for maintenance, according to 
the company's Web site. 

Previous versions of Team- 
City integrated only with Intel- 
liJ IDEA. This time around, 
Eclipse and Visual Studio users 
can take advantage of the vari- 
ous check-in tricks that Team- 
City allows for, such as the abil- 
ity to hold commits until after 
a build is complete, and the 
ability to take responsibility for 
broken builds without leaving 
the IDE. 

In addition, users without 
IDE access can now view 
changes through the newly 
modified Web interface for 
TeamCity. Through that inter- 
face, developers can search for 
duplicate code and check up on 
the differences between ver- 
sions and checked-in files. The 
TeamCity server has also been 
improved with new integration 
for the Ivy dependency manag- 
er, and support for dependent 
builds. Developers sick of deal- 
ing with security woes will also 
be happy to hear that TeamCity 
2.0 supports LDAP. 

IDEA 7.0 BETA AVAILABLE 

The JetBrains team is also hard 
at work preparing its next ver- 
sion of the IntelliJ IDEA IDE. 
A new feature in this version is 
a significant speed-up of the 
underlying engine to take 
advantage of multiple cores and 
CPUs, making XML and JSP 
editing faster, according to the 
company. Some operations can 
even be run in the background, 
allowing developers to check 
their e-mail or browse the Web 
while that giant refactoring job 
is running. 

IntelliJ IDEA 7.0 will also 
support the Spring application 
framework, the Hibernate 
mapping framework, and new 
integrations with IBM's Clear- 
Case. The new version of 
IntelliJ IDEA should be out 
before the end of the year, 
and the first beta of 7.0 is avail- 
able for developers to down- 
load at www.jetbrains.com/idea 
/nextversion. It is free to down- 
load for Linux, Mac OS X and 
Windows. I 
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Debian 4.0 Etches Out Security Role 



BY ALEX HANDY 

It's been almost two years since 
the Debian community began 
working on the "Etch" version 
of its Linux distribution, but 
after 21 months of work, 



Debian 4.0 was released on 
April 8. The operating system 
focuses on command-line- 
based ease of use, security and 
a rigid commitment to proper 
open source licensing. 



The Debian community has 
long considered its Linux distrib- 
ution to be one of the most 
secure, but with the release of 
version 4.0, additional security 
features have been added to bol- 



ster the system's capabilities. 
Debian version 4.0 now includes 
support for encrypted hard drive 
partitions out of the box, elimi- 
nating the need to install multi- 
ple files before encrypting a disk. 
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Debian's Apt-get update 
manager has received a security 
overhaul as well. The program 
allows users to automatically 
grab programs from repositories 
around the world, and is the pri- 
mary method for installing soft- 
ware on the operating system. 
This time around, Debian's flag- 
ship tool will verify the integrity 
of software downloaded from 
repository mirrors. In addition, 
new versions of software down- 
loaded via Apt-get will come 
down as patches for existing 
software, rather than as entirely 
new, buildable source trees. 
The repositories used by the 
Debian project have been com- 
promised in the past, and many 
of the changes in Debian 4.0 are 
intended to minimize the extent 
to which users can be harmed 
by such an event in the future. 

'COMMITMENT TO EXCELLENCE' 

Mark Shuttleworth is CEO of 
Canonical, the company that 
produces Ubuntu Linux. 
Ubuntu is based largely on the 
work of the Debian communi- 
ty, and Shuttleworth said that 
he's extremely impressed with 
the Debian 4.0 release. He 
also defended the length of 
the development process for 
this release. 

"The one thing folks need to 
remember when you build an 
institution, is that you have to 
decide what it's going to be real- 
ly good at," said Shuttleworth of 
the Debian community. "Debian 
is extremely good at certain 
things. It's an extremely open 
environment. [The community] 
believes in taking time to find 
the right way forward. I think the 
great thing about Debian is that 
[the community] takes its time to 
figure out what the right techni- 
cal solution is. They have that 
commitment to technical excel- 
lence. If you try to optimize an 
institution for multiple things, 
you'll get confused. I'm quite 
comfortable with the Debian we 
know and love." 

Canonical does not rely on 
major Debian releases for the 
Ubuntu Linux code, and thus is 
not beholden to the lengthy 
release cycles, said Shuttle- 
worth. "We don't rely on the 
releases of Debian so much [as] 
on collaboration with the com- 
munity. What's important for us 
is the general health of the 
Debian community, and I think 
Etch is phenomenal." I 
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WS-I Profiles Cut Through Standards Spaghetti 



BY DAVID WORTHINGTON 

The Web Services Interoper- 
ability Organization (WS-I) 
made a bevy of announcements 
in an April 3 Webcast with the 
press, leading with the comple- 
tion of the WS-I Basic Security 
Profile 1.0. A complementary 
set of Web services profiles is 
targeted for completion in the 
second half of 2007. 

Basic Security Profile (BSP) 
1.0 is built on the work of WS-I's 
Basic Profile 1.1. It provides 
guidelines for developers to 
build secure, interoperable Web 
services and basic information 
on how to use specifications to 
support their own cases. It 
addresses SOAP messaging and 
transport security. 

"An interoperability profile 
offers valuable guidance to 
product implementers and 
application developers regard- 
ing the interpretation of a spec- 
ification," said Anne Thomas 
Manes, research director and 
vice president at the Burton 
Group. "A specification typical- 
ly supports a broad set of 
requirements, and offers a vari- 
ety of options and approaches, 
but these options can lead to 
misinterpretation and result in 
interoperability challenges. An 
interoperability profile con- 
strains the options and makes 
communication easier." 

The WS-I board approved 
BSP 1.0 after its five mem- 
bers — IBM, Microsoft, Novell, 
Oracle and SAP — demonstrat- 
ed sufficient interoperability. 
The first revision will add WS- 
Security 1.1 and fix any errors 
that are discovered before it is 
published later this year. 

MORE TO COME 

WS-I also discussed the next 
two revisions to the Basic Pro- 
file, and plans for another secu- 
rity profile, all due by year's 
end. Basic Profile 1.2 adds WS- 
Addressing, MTOM/XOP and 
SOAP 1.1 binding for MTOM, 
the W3C's Message Transmis- 
sion Optimization Mechanism. 
WS -Addressing defines a stan- 
dard mechanism for identifying 
and exchanging Web services 
messages between endpoints. 

Basic Profile 2.0 will update 
Basic Profile 1.2 by swapping 
out SOAP 1.1 for SOAP 1.2 and 
WSDL 1.1 binding for SOAP 
1.2. The W3C recommendation 
describes SOAP 1.2 as being 
cleaner, with clear processing 



and extensibility models, more 
integrated with XML standards 
and Web architecture, more 
versatile with a binding frame- 
work that provides protocol 



its predecessor. 

Reliable Secure Profile 1.0 
adds WS-ReliableMessaging 
and WS-SecureConversation. 
WS-I designed the profile to 



able messaging capabilities for 
Web services," according to the 
working groups Web site. 

"The importance of the new 
Basic Profiles and Reliable 



add the ability for Web services 
to be asynchronous versus 
synchronous -only, while ensur- 
ing reliability," said Michael 
Bechauf, chairman and presi- 



independence, and faster than deal with ensuring "secure, reli- Secure Profile is that they dent of WS-I. 



Trying to be agile 
when your Java code is fragile? 
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faster? Are you bringing new features to 
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If enhancing or extending your Java 
application feels risky - if you need to be 
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a thread - AgitarOne can help. 





With AgitarOne's 
powerful, automated unit testing features, 
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detect changes, so you know instantly when 
a new feature breaks something. Now you 
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AgitarOne's interactive capabilities for 
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code as you write it. 
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Launchpad Coordinates Open Source Development 

Ubuntu team releases collaborative site to aggregate bugs, blueprints for large projects 



BY ALEX HANDY 

When the Ubuntu project 
began, the team behind the 
Linux distribution realized 
that it would need to commu- 
nicate and coordinate with 
many other open source 
teams, keeping track of 
changes in Firefox, Gnome, 
GCC and any of the hundreds 
of other bits and pieces that 
make up a Linux distribution. 
To solve the problem, the 
Ubuntu team began using an 
internal tool a year ago that it 
called Launchpad. That tool is 
now publicly available at 
Launchpad.net, after it was 
officially unveiled in beta form 
in early April. 

Mark Shuttleworth is CEO 
of Canonical, the company 
behind Ubuntu Linux, and he 
argued that Ubuntu's very 
nature necessitated the design 
of Launchpad: "A very signifi- 
cant majority of packages in 
Ubuntu are inherited from 
Debian, [other] upstream 
developers and increasingly 



from other distributions as 
well. For us, we said fairly ear- 
ly on that our efficiency in col- 
laborating with other projects 
was going to be a very key 
thing for us." Shuttleworth 
added, "Our infrastructure for 
tracking bugs and [other items] 
wasn't up to what we wanted. 
We started writing some of our 
own infrastructure for plan- 
ning, tracking user requests 
and so on. Launchpad is that 
infrastructure, made available 
for Ubuntu and for other pro- 
jects as well." 

Launchpad takes its cue 
from other project manage- 
ment sites, such as Source- 
forge. net and Google Code. 
Shuttleworth categorized it as 
being the Wikipedia for open 
source projects. "The thing that 
it does, better than anything 
else out there, is help build a 
conversation that spans multi- 
ple communities," he said. "Say 
you've got a bug in Firefox. 
You'd hope it's also in Mozilla's 
bug tracker, but it could also be 
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Mark Shuttleworth, CEO of the company behind Ubuntu Linux, characterizes Launchpad as being the Wikipedia for 
project tracking: Users add information to each project, whether that information is meta, direct or just made up. 



in Red Hat's, and in Ubuntu's. 
Launchpad tracks those across 
other systems. Launchpad 
automatically aggregates the 
status of all of those. You'll be 
notified of changes in the status 
everywhere." 

The site can track more than 
just bugs: Launchpad can help 
track a project from creation to 
completion, through blue- 
prints, code and even localiza- 
tion, claimed Shuttleworth. "It 
works on the same basis as a 
wiki. Anyone can come and add 
information. It understands a 
couple of things about context. 



It understands people and 
teams, such that, This bug is 
assigned to that team.' It also 
understands the structure of 
projects, so it understands 
milestones," he noted. "We 
recognized that we don't want 
everyone to switch to using 
Launchpad, so it's designed to 
either be used by projects or to 
be linked to by them." 

Shuttleworth said that 
many projects have already 
jumped on board and built 
pages inside Launchpad for 
their work. The site is particu- 
larly useful to the people that 



build the glue between soft- 
ware, said Shuttleworth. "It's 
good for projects that are mid- 
dleware. Developers who find 
bugs in shared libraries are 
more often than not the devel- 
opers who are using them, not 
the developers developing 
[those libraries]. In many cas- 
es, the bug shows up first as a 
symptom of a problem in their 
application. One group might 
say, Tt's not us' and reject the 
bug. The conversation is 
recorded, so it becomes easier 
over time to get the right set of 
eyeballs on the problem." I 
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RadView Cruises With Free WebLoad 



BY JEFF FEINMAN 

RadView Software, a provider 
of open source performance- 
testing tools for Web applica- 
tions, announced on April 11 
the release of WebLoad Open 



Source, a free version of the 
company's flagship product. 

The new version of WebLoad 
has a JavaScript-based language, 
which allows a short learning 
curve for developers, according 



to Rami Goraly, RadView's vice 
president of marketing. The 
new "Cruise Control" function 
allows testers to set usage para- 
meters and specify performance 
goals. For example, if a develop- 



er wanted to have an application 
servers response time exceed no 
more than three seconds, Cruise 
Control can configure the test 
against that goal. In addition, 
Goraly said that the offering has 
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EASY to USE 

ActiveReports features an easy-to-use, banded, fully integrated report designer with built- 
in wizards, integrated toolbars, report explorer window, print preview with bookmarks, 
text search and thumbnails, a full-featured chart control, and a detailed help file. With 
ActiveReports, it is easy to create the kinds of reports you need-from the most basic to the 
most complicated reports. 

EASY to LICENSE 

Licensing with ActiveReports for .NET is straightforward and easy to understand. There 
are no hidden costs, no extra licensing fees and no royalties charged for end users. Once 
you install the product after purchase, you are free to create and deploy your reports as 
needed. 

EASY to DEPLOY 

ActiveReports makes deploying your reports and end-user reporting capabilities easy. The 
reporting engine is provided as a single managed, strongnamed assembly. ActiveReports 
allows assemblies to be distributed using XCopy or placed in the Global Assembly Cache 
(GAC). 
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support for rich Internet appli- 
cations (RIAs) and applications 
based on AJAX, which he said 
can be very difficult to test due 
to their complexity. Using 
WebLoad, developers can 
record an AJAX-based applica- 
tion and build an AJAX script. 

"Enterprises are starting to 
adopt RIAs and AJAX, and they 
say that one of the biggest barri- 
ers to the adoption of these 
[technologies] is the fact that it's 
very difficult to test their perfor- 
mance," Goraly said. "So, we feel 
we're leading the market for 
these specific kinds of perfor- 
mance testing." 

In addition to WebLoad 
Open Source, RadView 
announced the for-pay Web- 
Load Professional, which in- 
cludes the ability to generate a 
distributed load. I 

HALEY RELOADS 
RULES SUITE 
FOR TEAMWORK 

BY DAVID WORTHINGTON 

Unlike H alley's Comet, upgrades 
to Haley Systems' Business 
Rules Suite are more than a 
once-in-a-lifetime event. Busi- 
ness Rules Suite 6.0, released 
April 9, has been adapted to 
make writing business rules a 
simpler and more collaborative 
process. 

The linchpin is the Haley 
Collaborative Server. It allows 
users to author and edit business 
rules over the Internet using two 
new browser-based clients, or 
with Haley Tabular Rules client 
for Microsoft Excel. 

The browser-based clients 
are DHTML versions of the 
Modules and Statement, and 
DHTML Tabular Rules tabs 
from Haley Authority. Tabular 
Rules is a spreadsheet-like inter- 
face used for modeling and for 
verifying and testing rules. It is a 
standard template for expressing 
rules that uses rows and columns 
to specify conditions and rules, 
explained Matthew Sevin, chief 
knowledge officer at Haley. 

To simplify its rule-authoring 
environment, Haley has bun- 
dled in a new Vocabulary Acqui- 
sition Wizard and the Dictionary 
Web Service. The Vocabulary 
Acquisition Wizard facilitates 
the definition of vocabulary and 
ontology, while the Dictionary 
Web Service — which Haley 
hosts — retrieves business lan- 
guage that can be inserted while 
creating a new concept. I 
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VersionOne Offers a New Agile Taskmaster 



Update adds virtual taskboard for organizing projects 

BY DAVID RUBINSTEIN this is especially true when ere- daily plans, producing the code iterative or agile development 

Planning, coding and testing ating applications under itera- promised for that day, and test- simply won't work, 

are key elements of any soft- tive or agile processes. Without ing it to make sure it's function- To help facilitate those steps, 

ware development project, but well-conceived long-term and al and meets requirements, agile project management soft- 



Syncfusion Essential Studio v5 - Jump 

Vista - Office 2007 - ASP.NET AJAX 



Essential Studio v5 supports Windows Vcsto out 
of the box and comes wifh great Office 2007 and 
ASP.NET AJAX features so that you can focus on 
staying ahead. 

Visit www + syncfusion< com/a head for details 



*-• 





, 










Windows Forms LH 

Csrid, OHict 2QQ7Tco£me5./ D&zhng, Wnnus, Edilars, 
Cl^il Vi^b>Jlkfl- Pt^rammlr^, MotX>^*d rTTML *snd&fler 

A5P.NET Ul 

O-i.l Edllori, Mertui, NcillHearkartr Chvt and Dtogmrt 

BackOffice 

^Did lepDrliiig, Adofcw P&F i-parlinjj. FDimula'-Bngine 



\ ' 




TW 



■■■Syncfusion 

Nd iDviiIni:', No 1.111 '. u 1 ilup-i-un-il lun 1 . ZJ 1. 5- ^uppari Full wurni todl 



Download an evaluation today! www.syncfvsion.com 1 888 ? DOTNif 



ware provider VersionOne has 
updated its platform with release 
7.1 of VI: Agile Enterprise. 

According to company 
founder Robert Holler, new 
integrations with the source 
code management tool Subver- 
sion and the test framework 
FitNesse further enterprise- 
enable the software, as team 
members now can see any 
changes or corrections that 
have been made to a feature. 
The FitNesse integration pro- 
vides team members with test 
result information during each 
iteration of the software. "In 
prior releases, we had the abili- 
ty to send high-level test infor- 
mation to the tool for trending," 
Holler said. "Now, the tight 
integration between Subversion 
change sets and our features- 
and-defects [reporting] creates 
a compelling story." 

Holler said the company is 
releasing the integrations as 
open source; a request tool 
gives customers the ability to 
submit their requests through 
the VI: Agile API. 

Other features include a 
recent changes list, when team 
members can see recent 
changes, and AJAX-based pop- 
ups that give a quick descrip- 
tion of the item selected. 

Holler, though, seemed 
most excited about the addition 
of a virtual taskboard to the 
software. "We use the concept 
of a taskboard internally," he 
said, "progressing the task cards 
through statuses and states. 
Now it's manifested electroni- 
cally in our platform." 

According to Holler, the 
taskboard gives distributed 
teams the ability to report in and 
work together. Task status can 
be changed in a drag-and-drop 
way, and when populated with 
real-time burndown and cumu- 
lative flow charts, it can serve as 
a dashboard during "standup 
meetings," which are important 
in iterative and agile develop- 
ment shops. "This [virtual 
taskboard] gets us out of the sta- 
tic project management arena 
and offers visualization across 
the enterprise," Holler said. 

VersionOne offers its plat- 
form in both Enterprise and 
Community editions. The 
Community edition is free for a 
five-seat license, aimed at small 
development teams, and is not 
supported. The Enterprise edi- 
tion is available in either a 
US$30 per user per month sub- 
scription or a $500 license, and 
support and maintenance are 
available at an extra cost. I 
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How to Avoid 
Software Black Holes 

Scott Rosenberg discusses 'Chandler' 
and how to successfully develop software 



BY DAVID WORTHINGTON 

Some people dream in color; 
others dream in black and 
white. And then there are 
those among us who dream in 
code. Salon.com founder Scott 
Rosenberg spent three years 
trailing an assemblage of some 
of the worlds most legendary 
programmers, led by Mitch 
Kapor, as they attempted to 
revolutionize how we manage 
personal information. 

Kapor's Open Source Appli- 
cations Foundation (OSAF) led 
the charge to create an open 
source alternative to Microsoft 
Outlook, which it named Chan- 
dler, after Kapor's dog. With 
millions of dollars of donors' 
and Kapor's money spent and 
more than 4,732 bugs filed, 
Chandler remains unfinished. 
SD Times sat down with Rosen- 
berg to discuss the topics raised 
in his book "Dreaming in Code" 
and the lessons he took away 
from his experience. 

SD Times: Were there too many 
cooks in the kitchen at OSAF? In 
other words, did engineers have 
too much say? 

Scott Rosenberg: There are a lot 
of different ways of doing a diag- 
nosis of the problems at Chan- 
dler. There are people [who] 
have read the book and said, 
"Well, the problem is that it is a 
classic visionary problem." 
Kapor had the vision and the 
resources to indulge himself; 
there were fewer constraints. 

I don't think that [having too 
many cooks in the kitchen] is the 
conclusion I have drawn. You 
have a project unlike other open 
source projects, that was being 
led by someone who is not pri- 
marily a programmer, whereas 
open source projects are much 
more typically driven by pro- 
grammers. 

How can engineers and business 
people communicate successful- 
ly with one another? 
[Miscommunication is] the pri- 



mary interface of failure. On the 
side of the engineers, or pro- 
grammers, you have this con- 
stant hunger for specificity, for 
detail and finality. That is what 
the engineer wants, because if 
things are specific enough, engi- 
neers can go off and build them. 
If they are detailed enough, the 
engineers don't always have to 
be filling in the blanks, and if 
they are final enough, they don't 
have to always be worrying about 
constant changes. 

That is what they 
want. The problem 
is that I have yet to 
encounter any soft- 
ware project that 
came anywhere 
close to fulfilling 
any of those condi- 
tions. It's just not 
the world we live in. 
And so the question 
really becomes, given those 
conditions are just not achiev- 
able, how do we communicate 
in that imperfect environment? 

The answers that you'll find 
[methodologies with specific 
prescriptions] at the root of most 
of them are a handful of basic 
principles that are not even spe- 
cific to the field of software. 
They are the kinds of things you 
would encounter in any advice 
for people trying to make a fam- 
ily or public organization work 
better. Those principles are to 
communicate frequently, and lis- 
ten to what the other person is 
telling you. Engineers are used 
to precise language. Sometimes 
an engineer will hear something 
a certain way, and then go and do 
something that they think they 
heard. A week later, the busi- 
nessperson says, "I did not mean 
that at all!" and a week's work is 
lost. That might have been 
avoided if they spoke frequently. 
Are there any pitfalls to avoid? 
It is also important to be careful 
with terminology and vocabu- 
lary. Something could mean 
one thing to a programmer, and 



something 




[another] thing entirely differ- 
ent to a nonprogrammer or 
business user. There can be big 
black holes of disaster awaiting 
you there, if you are not careful. 
It is a hugely important under- 
taking that should be done very 
carefully. 

Working from prototypes 
and dealing with things that are 
partially functioning, so that 
business people can have 
to go on, provides 
more clarity [than 
an abstract product]. 
The Chandler team 
spent too much time 
on the abstract. 
Getting something 
to people sooner, 
rather than later, 
provides better op- 
portunities for course 
correction. 
Is Linus Torvalds 
correct in his assessment that 
you should never plan to do a big 
project.. .that you should start 
small and, with luck, the project 
will grow? 

It is an amazing observation. 
There is an old proverb that a 
journey of 1,000 miles begins 
with a single step. A 1,000 mile 
journey in software can be so 
daunting because of the amount 
of complexity involved. If you try 
to get your head around all of 
that, you will be discouraged 
and have a hard time getting 
started. 

Keep your mind on a small 
and achievable goal. It is a vari- 
ation on the incremental princi- 
ple [of software development] 
that turns up in various ways 
like agile [processes] and 
Extreme Programming. It's a 
principle that applies to any 
ambitious creative act. The 
World Wide Web was built on 
what programmers thought was 
crude and bad technology. But 
one quality made it right: It was 
simple and easy for people to 
start using. I place a lot of faith 
in simplicity. 




What lessons can open source 
developers take away from 
Chandler? 

Chandler's place in open source 
is kind of unique, because it is 
open source in that code is avail- 
able, but it has been very atypical 
in being a product that has been 
worked on by a team functioning 
like a startup. Most successful 
OS projects are really, truly dis- 
tributed volunteer networks. 

The problems [Chandler] set 
out to solve would be good prob- 
lems to solve. The big lesson, 
that the participants in Chandler 
would not argue with, is that the 
lesson is to put out a small piece 
of a product that is useful 
enough to inspire people. Do it 
earlier, rather than later. Chan- 
dler spent a long time doing 
infrastructure work, and at some 
point realized that the direction 
was wrong. 

They refocused around the 
calendar, and if they had done 
that at the beginning, they would 
be at a different place now. 
In your opinion, would Chandler 
have succeeded if it had been de- 
veloped as commercial software? 
Well, the difference there is that 
the story would have been differ- 
ent if they had had a tight budget 
and were a more traditional 
startup. Constraints like budgets 
serve as a goad to get things 
done. Certainly, one of the fac- 
tors in how long Chandler has 
taken is the open-ended nature 
of Kapor's commitment. He has 
plenty of money and wants to see 
it happen. 

He might have certain limits, 
but [the constraints] are certainly 
not anywhere as near restrictive 
as a more common business deci- 
sion. That, to me, is more the 
issue than the difference between 
commercial and open source 
licensing. If Chandler has some 
greater limits on time and money, 
that may have helped focus their 
work faster, for sure. It is the 
same case, whether it was open 
source or commercial. I 



Tech-Ed 2007: 
Summer School 
For Developers 

BY DAVID WORTHINGTON 

On June 4, it's back to school 
for developers, when 12,000 IT 
professionals are expected to 
converge on Orlando, Fla., for 
this year's Tech-Ed conference. 
Windows Vista, Exchange Serv- 
er 2007, ASP.NET AJAX, 
Office 2007 and the upcoming 
Longhorn Server are the main 
topics of the conference, which 
runs through June 8. 

Bob Muglia, Microsoft's 
senior vice president of the 
Server and Tools business unit, 
will kick off the festivities on 
Monday with a keynote 
address. Muglia is expected to 
discuss the reasons why 
Microsoft believes that IT is 
evolving into an asset that is 
"fueling growth and driving 
innovation" — and should not be 
thought of as just another orga- 
nizational cost center. 

Tech- Ed 200 7's curriculum 
consists of 14 core technical 
tracks with more than 440 
breakout sessions and more 
than a dozen preconference 
seminars. 

Microsoft product team 
members and industry experts 
will be in attendance. There are 
slated to be more than 150 
hands-on labs at 800 different 
stations, to supplement instruc- 
tor-led labs and seminars. I 

Microsoft ^^ 

(Tech-EcV 

V ~ 2007 

CONFERENCE: 

June 4-8 

Orange County Convention Center, 

Orlando, Fla. 

TECHNICAL LEARNING CENTER: 
Monday, 10:00 am-9:00 pm 
Tuesday, 9:00 am-6:00 pm 
Wednesday, 9:00 am-7:00 pm 
Thursday, 9:00 am-6:00 pm 
Friday, 9:00 am-4:00 pm 

HANDS-ON LABS: 
Monday, 10:00 am-9:00 pm 
Tuesday, 7:00 am-10:00 pm 
Wednesday, 7:00 am-10:00 pm 
Thursday, 7:00 am-5:45 pm 
Friday, 7:00 am-4:00 pm 

KEYNOTE: 

Monday, 8:30 am-10:00 am 
Bob Muglia, SVP, Microsoft Server 
and Tools business unit 

www.microsoft.com/events/teched2007 



Innovations by InterSystems 




Embed the world's fastest object database. 
A golden opportunity to make Java applications richer. 



When you embed Cache in your applications, they become more valuable. Cache dramatically 
improves speed and scalability while decreasing hardware and administration requirements. 
This innovative object database runs SQL queries faster than relational databases, i nterSystems 
And with InterSystems' JALAPENO™ technology for Java developers, Cache 
eliminates object-relational mapping. Which means Cache doesn't just speed up 
the performance of applications, it also accelerates their development. Cache is 
available for Unix, Linux, Windows, Mac OS X, and OpenVMS - and it is deployed in more 
than 100,000 systems ranging from two to over 50,000 users. Embed our innovations, enrich 
your applications. 



InterSystems 

CACHE 



Visit us in Booth #520 at JavaOne, May 8th - 11th, San Francisco, CA 

Download a free, fully functional, no -time -limit copy of Cache, or request it on CD, at InterSystems.com/JavaOne2007JJ 

© 2007 InterSystems Corporation. All rights reserved. InterSystems Cache is a registered trade terns Corporation. 4-07 ValCacheJal SDTi 



Office 2007 Ul. Accelerated. 

Office 2007-style Ribbon and Schedule 
Components for Your Dev Toolbox, 
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With the new Studio Enterprise 2007 

vl.5 Ribbon components, combined with 
Scheduling and Calendar, you can now 
build fully functional Office 2007-style 
applications quickly— with virtually no code. 

Now Includes Ribbon for .NET 
and Now Office 2007 Visual Styles 



- Office 2007-ityle Controls: Ci Ribbon and Cl SwuaSar 

- Load and Save Ribbon Temp late s (XNU, format) 

■ Easy to Use Design Time Options using 
Component One SnwtDesigners™ 

■ Office 2007 Visual Styles 

■ Windows Vista Aero Snppo'T 

Office 2007 Visual Styles for: 

■ True DBG rid for .NET 

■ Flexgrid for NET 

■ Menus and Toolbars for .NET 

■ Llstfor.NET 
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Studio Enterprise 2007 vis 
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Most Comprehensive Suite of Visual Components Available Anywhere 
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Skyway Lights Up Its Visual Workspace 



BY DAVID WORTHINGTON 

Skyway Software has lit up its 
flagship product for developing, 
deploying and maintaining SOA 
applications throughout the 
application life cycle, with Visu- 
al Workspace 5.0, available 
April 23. The new features in 
this release of Visual Workspace 
center on improving product 
development and deployment 
processes. 

On the development side, 
Visual Workspace 5.0 adds 
integration with Adobe Sys- 
tems' Dreamweaver as an 
alternate HTML editor for the 
design suite, enhanced prod- 
uct documentation, transac- 
tion and exception handling, 
AJAX support in Web UI con- 
trols and model write-protec- 
tion, in addition to various 
usability enhancements. 

Watchfire Unveils 
Community Site, 
Updates AppScan 

BY JEFF FEINMAN 

If the newest version of its 
Web application security solu- 
tion, AppScan 7.5, wasn't 
enough, Watchfire has intro- 
duced a community Web site 
to encourage the creation of 
AppScan extensions. 

The new AppScan Extensions 
Framework includes an SDK for 
AppScan extensions. Developers 
can also download extensions 
created by AppScan that add the 
ability to display AppScan reports 
in Microsoft Word, a Microsoft 
Visual Studio Team System 
defect export function, and 
the ability to receive e-mail noti- 
fications during a scan. 

Also new is Pyscan, an inte- 
gration of the Python scripting 
language and AppScan that 
uses Web application scanning 
functions to mix automated and 
manual efforts, such as cus- 
tomizing a scan to a specific 
audit. Watchfire officials said 
that Pyscan can automate more 
testing tasks, improve test accu- 
racy and save testing time. 

"Watchfire s Extensions com- 
munity and Web site is all 
about innovation," said Michael 
Weider, founder and CTO of 
Watchfire. "Our customers can 
now create and share their own 
extensions, and collaborate 
together on new ways to lever- 
age the new open flexibility of 
AppScan." I 



A dependencies view has 
been added to Visual Work- 
space's interface, as well as a 
desktop search and touch-graph 
control enhancements. This 
release also adds the Chainsaw 
log viewer, which works with the 



Java-based log4j utility, devel- 
oped by the Apache Foundation. 
New "scaffolding templates" 
are provided to ease the 
deployment of Visual Work- 
space UI controls, including 
tabs and data grids. Another 



change that affects the deploy- 
ment cycle is the addition of 
"late binding" of external data 
sources, making it possible for 
developers to proceed toward 
delivery without considering 
the data source or production 



environment until deployment 
time. Workspace generates the 
underlying execution code after 
the developer selects a database 
and application server, said 
Sean Walsh, Skyway's president 
and chief executive officer. I 



Build Geography Into Your Applications 




Give Yoyr Users the Complete Picture 

to Help Them Make Better, Faster Decisions. 

Applications tha; incorporate geographic Information spuem (GI5} 
technology give users a visual way to analyze their data *nd mate 
mure htormetf decisions. YYltti E5RI*" develops soJ-utitm, you can 
quickly and rat-&f festively bring geography and mapping -capabilities 
into yiaui applications, regardiess of whether you are builds desktop, 
client/server, mobile, or Web applications. 

ESftl developer solutions enable you to 

h Quickly and cost-effectively integrate GIS capabilities 

Nfrto your w aM ftlsfflg applications. 
* detect the deeper tools that fit best with your architecture 

(ESRJ'j de^lope-r p*odunt& encompass GS components, 

serms, and Web services). 
t Use if* de^lopmefU en^oniwit of your choice, Including 

3cva T , .NET, C0M r and C++, and deploy applications on a 

variety of platforms, 
t Access and manipulate dala in multiple formats. 

To learn nwre about flit ESR] developer solutions that w* right 
for you, visit www.eiri.com/develop 



1 -888-288-1 277 

vwvw.esri .corny develop 
inFo@efi.CQm 
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a Java database 

should store Java 



objects 




Is this idea really so shocking? 






Tft swre Java o^cto, regional und otoJtxfcnHatltJnal clat*!™** mutf 
tmmtote Llitin inio ifluilKT: formal. this- objirti-nrlaTioiiaJ mapping 

(ORM) Eh a drap ^n pcrformaneL: and bncsslJi utoniRe [JE.ma.rKLH. 

McObfticfs PcraL, u a* an aJ]-Java., uhjciiL-uricMikxl tLUahaML-, stnnfty Java 
ubjetts asjatxi tibfvzts, ibr j-rraitr cfllciericy 
and performance, ancl a smaller footprint, 

Perat Is also open s4Hi«2t - downrnail ihc 
whole iNnp. Tor free, coday. 
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Web 2.0: When Software 



< continued from page 1 

tomer credit reports, or the current loca- 
tion of a cargo container in the South 
China Sea and its projected arrival date 
at a manufacturing facility. 

IT managers must learn how to give 
as well as take information in this new, 
shareable environment, while still pro- 
tecting their company's interests. Innov- 
ative companies will take advantage of 
these new resources and reinvent them- 
selves as unstoppable forces in their 
markets. Those who don't take advan- 
tage of this revolution will become 
quickly outdated, perhaps out of busi- 
ness. Now is the time to begin under- 
standing the issues you will face, and 
how to open the company gates to nur- 
ture this IT renaissance while still keep- 
ing the barbarians at bay. 

The movement and direction of this 
technology convergence are clear. Take, 
for instance, the rapid rise of software as 
a service (SaaS). Based upon current 
trends, IDC predicts a compound 
growth rate of 20 percent per year for 
SaaS, set against the overall software 
market, which is growing only at around 
6 percent per year. This leaves IDC in 
no doubt that there is a fundamental 
shift toward SaaS as a delivery mecha- 
nism, and its use within the notion of 
Web 2.0, and the convergence of ser- 
vice-oriented architecture (SOA), Web 
2.0 and SaaS (see box). 

At the same time, enterprises are 
turning to SO As to provide a platform 
for the use of SaaS -delivered services, 
and links to the emerging Web, even 
through the ad hoc notion of mashups. 
The movement toward SOA, like SaaS, 
is well documented, and is being driven 
faster by the emerging service-oriented 
resources on the Web. 

According to Evans Data's latest 
Web services development survey, 
"This year the percentage of function- 
ing Service-Oriented Architectures 
has almost doubled. Web Services are 
now also experiencing more compre- 
hensive implementation with 30% of 



respondents using more than 20 ser- 
vices in the next year, a 58% increase 
from today." 

Moreover, there is a movement to 
leverage these pervasive services within 
the enterprise, through mashups, pro- 
viding on-demand access to business 
processes and information, as needed, 
and at bargain rates. 

What's important to remember is 
that there is a huge resource being cre- 
ated on the Web. Take advantage of 
this resource or it will devastate your 
enterprise, much like those who 
ignored the rise of the Web in the ear- 
ly 1990s soon found themselves playing 
catch-up. This is a similar mega-trend, 
and the time is now to prepare your 
business to fit into this new paradigm, 
which is actually much more complex, 
but provides 10 times the ROI of the 
traditional Web. 

STEPS TO CHANGE 

There are, however, a few things that 
need to occur in order for your organi- 
zation to take advantage of this conver- 
gence. It is critical to deal with the cul- 
ture, prepare the infrastructure and 
prepare the master plan for adoption of 
the new technologies. 

"Deal with the culture" refers to the 
fact that most of those who control IT 
within organizations have not accepted 
the fact that the Web will morph into 
something very different from its cur- 
rent state, and now is the time to set 
expectations and educate. It has to be an 
acceptable reality that many of the appli- 
cations, services and processes that drive 
the business will exist outside of the fire- 
wall, and some of the applications and 
services that currently drive the compa- 
ny may be exposed to others on the 
Internet as well. Today this outside-in, 
and inside-out architecture is a huge 
shift in thinking for many IT staffers, but 
acceptance will come by educating IT as 
to the benefits to the company, cus- 
tomers and employees. 

"Prepare the infrastructure" means 



BEHIND THE CONVERGENCE 



What's causing the shift shift toward the 
convergence of SOA, Web 2.0 and 
SaaS? There are five primary drivers: 

1 Purchasers believe that the cur- 
• rent cost of traditional enterprise 
software is disproportionate to the val- 
ue that it creates. 

2 In these budget-conscious times, 
• there is intense pressure to 
reduce the cost of acguisition and main- 
tenance of software solutions (the on- 
going support and maintenance of solu- 
tions can often be four times the 
original capital cost). 

3 Organizations are striving to 
• reduce risk, and want a far more 



tangible relationship between soft- 
ware's benefit and its cost. 

4 The drive for reduced risk 
• demands a much greater pre- 
dictability of the running costs of the 
organization's software solutions. 

5 The value of solutions is no 
• longer determined by the 
functionality available (in fact, most 
organizations are using only a small 
subset of the functions available in 
their software products), but by the 
feelings and experience of the users in 
the way that they use and interact 
with the solution. 

-David S. Lint hi cum 
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Technologies Collide 



that once the culture accepts the 
change, the existing systems and archi- 
tecture must also change so they can 
safely consume and manage outside-in 
services and processes, as well as expose 
services and processes as needed. In 
essence, this is a matter of a systemic 
change to SO A, and to all of the projects 
and processes that need to occur to 
make that happen. 

This means that a well-thought-out 
plan of attack must be created to ensure 
that all data, services and processes are 
inventoried and analyzed. Moreover, 
security needs to be considered, along 
with governance of services and process- 
es, inside or outside of the company. 
Finally, a strategic technology solution 
needs to be created, providing all 
aspects of the SOA solution, considering 
the influence of the forthcoming out- 
side-in services. 

"Prepare the master plan" refers to 
the master architecture, building up for 
your SOA to target solutions that may 
exist inside or outside of the enterprise, 
including key SaaS players for providing 
processes, services, solutions and infor- 
mation. This also includes access to Web 
services marketplaces, such as Google, 
Microsoft and Yahoo and the cataloging 
of all services of value in the central gov- 
ernance repository for allocation to crit- 
ical business systems. In addition, this 
includes defining target processes that 



will drive the business going forward, 
leveraging the services, and the 
approach to agility, or the ability to 
change the processes quickly as business 
requirements change. 

WILL YOU BE READY? 

Truth be told, nobody can be complete- 
ly ready for something like this. Indeed, 
larger more cumbersome organizations 
won't be able to change until it's just too 
painful not to. Such was the case with 
the rise of the first-generation Web in 
the early 1990s — most were pushing 
back on it, not reacting to its potential. 
That is, until their customers did, and 
many organizations today are still 
behind and suffering for it. 

We are moving into a world where the 
lines are blurring between where our 
enterprise systems end and the Internet 
begins. In just a few years you could find 
yourself driving user interfaces, services 
and information for critical business sys- 
tems from thousands of sources, most 
not within the firewall, using your inter- 
nal infrastructure as the final controller 
to align the outside services with the cor- 
rect business processes. 

This will allow you to select best-of- 
breed, on-demand services, and at a frac- 
tion of the cost of internal systems devel- 
opment and packaged appliances. The 
relative value of computing will skyrock- 
et, and so will yours, if you're ready. I 



Software AG's SOA Play 



< continued from page 1 

the combination of Software AG and 
WebMethods is now second only to IBM 
in terms of both traditional integration 
and SOA capabilities." 

Bloomberg continued, "This is a mar- 
ket share play and a SOA play. Software 
AG gets a much stronger North Ameri- 
can presence, and they can now leave the 
likes of TIBCO and Oracle in their dust." 

ZapThink analyst Ron Schmelzer 
questioned whether a new "mega-glob- 
al" brand is emerging. To that effect, 
Software AG also announced plans to 
more than double its yearly revenue to 
$1.3 billion. 

The acquisition rounds out Software 
AG's product portfolio with new capabili- 
ties in the integration process and gover- 
nance areas. It also provides Software AG 
with repository metadata management 
capabilities from WebMethods' Infravio. 

WebMethods' heritage is as an enter- 
prise application integration (EAI) ven- 
dor. Neil Ward-Dutton, research director 
at Macehiter Ward-Dutton, a research 
group, said that the EAI market changed 
shape as specialist vendors moved 
beyond Global 2000 companies and had 
to convince the mass market of enter- 
prises to invest in integration tools. 



He continued, "At the same time, 
Microsoft happened — attacking this mass 
market with BizTalk and undercutting 
the expensive providers of complex tool 
sets like WebMethods." 

Ward-Dutton reasoned that SOA pro- 
vided EAI specialists with the secret 
sauce that they needed to make proposi- 
tions to the mass market through lever- 
aging standards-based middleware and 
mainstream software development 
approaches. "Also it had the virtue of 
locking Microsoft out of customer con- 
versations for a while, because [Micro- 
soft] failed (until recently) to get on the 
SOA bandwagon," he said. 

Software AG is Europe's largest sys- 
tems software and SOA provider. Its 
products include the Crossvision SOA 
integration suite, the Natural 2006 pro- 
gramming language, and the Adabas data- 
base management system, and other inte- 
gration and legacy modernization tools. 

According to the companies, the 
transaction is expected to close during 
the second quarter of 2007, after it meets 
customary closing conditions. The board 
of directors of WebMethods approved 
the transaction and recommended that 
shareholders accept the offer valued at 
$9.15 per share. I 
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Sun, Harmony Sing Different Tunes on Compatibility 



< continued from page 1 

lectual property that must be 
infringed in order to implement 
the JSR 176 specification. 

In Sun's JCK, written more 
than a year before the Harmony 
project even began, the compa- 
ny specifically defines accept- 
able usage scenarios in a way 
that the Apache Foundation 
finds unacceptable. And Mag- 
nusson claimed Sun hasn't 
addressed Apache's concerns 
since the foundation first 
brought them to Sun's attention 
back in August of last year. 

"Sun defines 'field of use' as 
general purpose use on servers, 
desktops and laptops," Magnus- 
son told SD Times. "Any use 
that's outside of that scope does 
not receive the applicable intel- 
lectual property. We have been 



told by Sun that [the area] out- 
side of this 'field of use' includes 
natural and commonplace 
things to do, like use the soft- 
ware in an airport kiosk. That 
means that software that was 
tested by us on Ubuntu Linux 
and standard hardware [is cov- 
ered], but if someone picks up 
the machine and puts it inside 
an x-ray machine [it is not]. Our 
argument is that the specifica- 
tion lead cannot define usable 
spaces, period." 

Sun doesn't seem to be ready 
to engage with the Apache 
Foundation just yet. While it 
has negotiated fairly with the 
group in the past, Sun has 
declined to comment since this 
new open letter was sent. The 
company has published a num- 
ber of blog postings about the 



letter, and one anonymous 
source inside the company did 
accuse the Apache Foundation 
of trying to generate attention 
for itself in advance of May's 
JavaOne conference. But the 
official word at Sun, for now, is 
that there is no official word, 
and there isn't likely to be one 
anytime before JavaOne. 

This is not the first time the 
two sides have failed to see 
eye-to-eye over compatibility 
issues. Sun and the Apache 
Foundation went to the mat in 
May 2002 over an issue very 
similar to the current flap. In 
that year, the Apache was able 
to convince Sun to push 
through changes to how the 
JCP licensed its Test Compati- 
bility Kits (TCKs). Then, the 
issue was the costs associated 



with the licensing fees Sun 
and other spec leads charged 
for their TCKs. This time, 
although a TCK is at the heart 
of the issue, the real onus is on 
Sun, and not just the JCP, as 
Sun is the lead on JSR 176, the 
specification in question. 

IP DISCUSSION NEEDED 

In the end, it all comes back to 
patents and intellectual property. 
Magnusson worries that the 
licensing definitions of the JCK 
could place some Harmony 
users in jeopardy. That's because, 
while the JCK grants amnesty 
for IP and patents infringed in 
implementations, Sun's "field of 
use" clause restricts the scope of 
that amnesty. And that's one rea- 
son that attorney Karen F. 
Copenhaver expects this open 



letter to spark new develop- 
ments in the open source 
community's approach to intel- 
lectual property. 

Copenhaver, a partner at the 
law firm of Choate, Hall & Stew- 
art, said the problem of software 
patents and intellectual property 
is becoming more relevant to 
developers with each passing 
day. "I would say that there will 
be a very productive period in 
the open source communities, in 
being very creative about devel- 
oping means of procuring the 
rights that are necessary for the 
users of open source to enjoy 
the benefits of the software, and 
that these kinds of discussions 
are an important part of reaching 
community consensus on how 
to deal with those issues going 
forward." I 
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The program will train software businesspeople, CMU's Martin Griss says. 

Masters of Software 



< continued from page 1 

MBA, since it doesn't have the 
classic foundation in finance and 
other hard-core business funda- 
mentals, but it's focused on busi- 
ness. In class, said Jim Morris, 
professor of computer science 
and dean at Carnegie Mellon 
West, it's all about software engi- 
neering in a business context. 

The Masters of Software 
Management course is also less 
expensive than an MBA program. 
Tuition runs about US$60,000 
for the two-year, six-semester 
program. By contrast, Dimeff 
said, a typical MBA program 
from a top university can cost 
between $70,000 and $120,000. 
CMU's Masters of Software 
Engineering program costs 
$55,000, she added. Fellowships 
and financial aid are available. 

The course is entirely project- 
based, explained Martin Griss, 
associate dean for the program. 
Students, who meet weekly, team 
up in groups to simulate working 
for software companies, making 



reports for executive commit- 
tees, making recommendations 
on methodologies, researching 
outsourcing programs, making 
business plans, handling patents 
and inventions. "You can be 
excellent in software, but for this 
program you have to be more. 
You have to be excellent as a soft- 
ware businessperson," he said. 

"There's a tremendous need 
for people who can face this type 
of organizational challenge," 
Morris added. "It's perfect for 
career acceleration." CMU 
hopes for about 50 students to 
take part in the first year's pro- 
gram, with about one-third com- 
ing from outside the Bay Area. 

The Masters of Software 
Management program director is 
Tony Wasserman, formerly vice 
president of middleware maker 
Blues tone Software, and then 
director of the Mobile Middle- 
ware Labs for Hewlett-Packard. 

The Masters of Software 
Management program is taking 
applications through June 1. I 



A PATCHED APPROACH TO SECURITY 



< continued from page 3 

Miller, Microsoft cooperates 
with law enforcement world- 
wide to track down malicious 
users and activity that it believes 
threatens its customers. 

IS IT ALL WORKING? 

Gary McGraw, CTO of the secu- 
rity firm Cigital, remarked that 
the biggest issue Microsoft faces 
is that of backward compatibility. 
McGraw compared Microsoft to 
an aircraft carrier. "They can try 
to do security-by-design and do a 
pretty good job, but they have all 
of this momentum from so many 
years that will make it a chal- 
lenge for them," he said. 

McGraw continued his 
assessment, "They are doing 
much more than paying lip ser- 
vice, as they had done for years. 
They changed their software 
development process to intro- 
duce security touch points, like 
performing code reviews and 
risk analysis, and have trained all 
their developers on security. 
They are very active trying to do 
things, but it just turns out to be 
hard, especially with all of that 
momentum." 

Illuminata founder and prin- 
cipal IT adviser Jonathan Eunice 
was more critical of Microsoft. 
"The major bugs and exposures 
keep being discovered and 
exploited at a very rapid pace — 
the design-for-security approach 
isn't working — or at the very 
least, isn't working well enough," 
Eunice said in an e-mail. 



People Security's chief secu- 
rity strategist, Herbert H. 
Thompson, believes that Micro- 
soft's security-by-design initia- 
tive, planning security into prod- 
ucts, has substantially reduced 
vulnerabilities. He credits the 
maturity of its product develop- 
ment life cycle and "unlimited 
management buy-in." Thomp- 
son said that a major difference 
between Microsoft and other 
software vendors is that it has 
one of the most mature security 
processes in the security devel- 
opment life cycle. 

But Thompson questioned 
whether the software giant has 
worked to prevent the vulnera- 
bilities that affect its customers. 
"From the software perspec- 
tive, how well you think they 
are doing on [security] is influ- 
enced by how you measure 
whether it's working on not." 

He explained: "There are 
more zero-day vulnerabilities 
being exploited than in the past. 
In the past, the things people had 
to worry about were worms, but 
those came long after Microsoft 
patched and fixed the issue. 
From a consumer standpoint, 
[the problem] was that individual 
companies were so slow at 
deploying patches, and not 
Microsoft's fault. Nowadays, 
many zero-days [newly disclosed 
exploits] are actively being ex- 
ploited in the field." 

The problem today is that 
the environment changed out 
from under Microsoft, said 



Thompson. Thompson sites a 
shift in attacker motivations, 
and a shift away from disgrun- 
tled systems administrators and 
"script kiddies" to the financial- 
ly motivated hacker. "Some of 
the rootkit providers offered 
service-level agreements. The 
shift to economically motivated 
attacker has really put pressure 
on folks like Microsoft," 
Thompson remarked. 

As a result, Thompson said, 
malicious users are looking more 
than ever before at browser and 
application-level vulnerabilities, 
because "that is where the mon- 
ey is for them." He believes that 
Windows Vista's browser con- 
straints signal maturity in 
Microsoft's thinking, and that 
the company has resigned itself 
to vulnerabilities; he credits 
Microsoft for reducing their 
impact on the operating system. 

Thompson sees one bright 
side: that for many organiza- 
tions, secure means compliant to 
federal and state laws to disclose 
data exposure, and that there is 
now a business case built around 
security. "Being incompliant has 
consequences," he noted. 

McGraw advocates shared 
responsibility for security. "Peo- 
ple should not take a look at 
Microsoft and say, 'We need to 
figure out if they can do soft- 
ware security before we embark 
on our own.' They need to 
understand that they have got 
to address software security 
today," he argued. I 



I bring meaning and comprehension 
to my corporate data using 
advanced visualization tools. " 
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Eclipse, Multicore Emphasized at ESC 

Gore keynote, new Intel bike grab spotlight; Ada add-ons announced at show 



BY P.J. CONNOLLY 

With former Vice President Al 
Gore delivering the keynote, 
and Intel unveiling its new cus- 
tom-designed Orange County 
Chopper, one might be forgiven 
for thinking that this year's Sili- 
con Valley edition of the 
Embedded Systems Confer- 
ence was all about glitz. But 
there was plenty of 
steak to go with the 
sizzle, as announce- 
ments in the areas of 
development tools, hardware 
components and supporting 
technology added up to plenty 
for the attendees to feast upon. 

AdaCore announced the 
availability of GNATbench 2.0, 
an update to the Eclipse-based 
plug-in that adds advanced 
Ada language features and an 
integrated GNAT Pro Ada tool 
set to Eclipse-based develop- 
ment environments. GNAT- 
bench 2.0 includes new project 
wizards, syntax highlighting in 
the project file editor, a new 
toolbar for creating Ada ele- 
ments such as files and pro- 
jects, and the means to auto- 
matically generate package 
bodies from package declara- 
tions. For improved perfor- 
mance, Ada-specific semantic 
analysis is now handled by an 
Eclipse shared library, replac- 
ing a background process that 
invoked the GNAT Program- 
ming Studio. 

Also on the Ada front, Aonix 
announced that it was leading 
an initiative to create an Ada 
Development Toolkit (ADT) 
for Eclipse, and offered its 
AonixADT to the Eclipse 
Foundation as the core baseline 



SDTimes 



technology for the project. The 
company also released the 
source code for AonixADT, 
which includes an Ada-sensitive 
editor, build and debugger 
interfaces, and project-aware 
features for program unit 
manipulation. 

Digi International intro- 
duced what it called the first 
Ethernet network- 
ing kit for Micro- 
soft's .NET Micro 
Framework. The 
Digi Connect ME JumpStart 
Kit is aimed at applications 
such as building and industrial 
automation, medical and point- 
of-sale systems. It includes the 
DigiConnect ME embedded 
module, a development/carrier 
board, and sample code with 
documentation. 

Eridon announced the 
release of its UnifiedLogic devel- 
opment framework, which the 
company claims can allow device 
developers to move from con- 
cept to working prototype in as 
little as a day. The framework is a 
family of development tools, 
function-oriented protoyping 
boards called uCards, and oper- 
ating system software. 

Green Hills Software 
announced what it calls the 
fastest and smartest debug 
probe ever built, the Green 
Hills Probe V3. It works with 
Gigabit Ethernet and USB 2.0 
interfaces and offers download 
rates of 10MB per second and 
faster, the company claims. It 
is available now for devices 
based on ARM, MIPS and 
PowerPC processors, and addi- 
tional platform support is due 
later this year. Probe V3 allows 
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The Eridon UnifiedLogic IDE allows at-a-glance verification of hardware 
configurations when using the company's I/O prototyping modules. 



Aonix has opened up the source code for its AonixADT toolkit, and offered 
it to the Eclipse Foundation as the core of a future Eclipse toolkit for Ada. 



on-board programming for a 
wide range of NOR flash parts, 
has built-in Python scripting 
and a Web 2.0 interface. The 
company also announced its 
Probe for Manufacturing, 
based on Probe V3. 

Freescale announced a 
new Eclipse-based tool set for 
the Symphony line of audio dig- 
ital signal processors (DSPs). 
Symphony Studio will support 
the company's DSP5672x fami- 
ly, and is backward-compatible 
with the DSP56300 family of 
audio DSPs and other devices, 
and will be released later this 
year. At the same time, the 
company announced the licens- 
ing of its e200 core family to 
system-on-chip and applica- 
tion-specific semiconductor 
specialists, through licensing 
specialist IPextreme. 

Hitachi announced the 
release of Entier 2.0, a small- 
footprint relational database 
management system for embed- 
ded applications. The updated 
Entier adds the ability to search 
aliases and complex text. 

LynuxWorks used the con- 
ference to announce the next 
generation of the LynxOS 
RTOS, featuring symmetric 
multiprocessing and support 
for POSIX interfaces that pro- 
vide real-time process cre- 
ation, scheduling and time- 
management capabilities. 
LynxOS 5 also incorporates a 
new Linux application binary 
interface (ABI) that allows 
third-party off-the-shelf appli- 
cations to run in a hard real- 



time environment. The com- 
pany also unveiled the 
Eclipse-based Luminosity 3 
IDE, using build and debug- 
ging features from the C and 
C + + Development Tools pro- 
ject. Both are expected to ship 
by the end of June. 

Macgraigor Systems 
announced that it has added 
support for several new proces- 
sors in the AMD, ARM, Mar- 
veil and PowerPC families to its 
debug software solutions. The 
tools now work with AMD's 
Geode GX/LX processors, 
the ARM Cortex-M3 family, 
Freescale's MPC 83xx Power- 
QUICC II Pro series, and the 
Marvell PXA3xx chips. 

Mentor Graphics' Inflex- 
ion Platform UI now has API 
support for the Nucleus OS, 
the company announced. The 
new Inflexion API allows 
developers to make interfaces 
fresh and easily updatable 
without requiring the software 
stack to be completely rewrit- 
ten, claims the company. 
Inflexion automates UI logic 
and uses XML templates to 
manage UI behavior. 

QNX Software Systems 
announced new operating sys- 
tem partitioning tools for mul- 
ticore systems, aimed at 
secure high-performance app- 
lications. The new QNX 
Secure Partitioning for Multi- 
Core Processors offers cus- 
tomers the ability to partition 
both CPU and memory 
resources in fixed schemes, 
adaptable allotments or a com- 



bination of the two. CPU par- 
titioning is available now; 
memory-partitioning features 
will begin beta test in August. 

Real-Time Innovations 
has added new extensions to its 
data distribution service that 
allow the use of JREs that con- 
form to the Real-Time Specifi- 
cation for Java (RTSJ). The 
RTI Data Distribution Service 
is now fully integrated with 
IBM WebSphere Real Time's 
RTSJ extensions, and other 
RTSJ extensions will be sup- 
ported in the future. The RTSJ 
Extensions Kit is available 
immediately; the separately 
licensed data distribution ser- 
vice works with a variety of 
real-time and general-purpose 
operating systems. 

S2 Technologies announced 
the Stride 2.1 Embedded Soft- 
ware Verification Platform, 
which adds the ability to auto- 
mate and control C and C++ 
test code on the target device, a 
test scripting wizard and an en- 
hanced user interface. The com- 
pany claims that Stride 2.1 
allows developers to quickly 
select and characterize APIs 
under test, and clarify ambigui- 
ties in complex data structures. 
It will be available in June, 
according to S2. 

Sysgo announced a partner- 
ship with AMD to combine the 
chipmaker's multicore hardware 
technology with Sysgo's PikeOS 
paravirtualized RTOS, to allow 
the use of Linux and Windows 
with real-time applications. The 
joint solution is also expected to 
handle multiple Linux instances 
and allow the use of varying 
security and safety levels within 
the same hardware unit, but no 
date for product delivery was 
available. 

Finally, Tendril Networks 
announced an improved ver- 
sion of its namesake software 
for ZigBee device developers. 
The Tendril Network Operat- 
ing Platform update is expected 
to ship this quarter, and will 
work with ZigBee chips from 
Ember, STMicroelectronics 
and Texas Instruments; other 
major hardware platforms will 
be supported at a later date. 
The company also announced 
the Tendril Monitor, for diag- 
nostics and monitoring of Zig- 
Bee wireless personal area net- 
works, which are based on the 
IEEE 802.15.4 standard. I 
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Telelogic Advances Agile Modeling Tools 

New Rhapsody offers SysML 1.0 alignment; SDL Suite supports 2, 3, 4G development 



BY P.J. CONNOLLY 

Telelogic announced an update 
to its model-based Rhapsody 
real-time and embedded devel- 
opment tools at the beginning 
of April, adding tighter align- 
ment with the forthcoming 
SysML (Systems Modeling 
Language) 1.0 specification and 
greater support for agile devel- 
opment processes. 

At the same time, the com- 
pany announced an update to 
its SDL Suite for communica- 
tion protocol developers, and a 
vertical implementation of 
Rhapsody Developer and the 
SDL Suite designed specifically 
for telecom customers. 

The new release of Rhap- 
sody is designed to allow devel- 
opers to focus on code, while 
letting the software generate 
the models and documenta- 
tion. Rhapsody 7.1 adds the 
ability to perform require- 
ments-based testing on incre- 
mental parts of the application, 
in the code or the model. The 
company argues that this allows 



developers to start testing earli- 
er in the development process, 
when fixing errors is less 
expensive. 

Activity Diagrams in Rhap- 
sody 7.1 can now be free- 
floating within a UML pack- 
age, and diagrams now permit 
multiple associations of activi- 
ties and statecharts, allowing 
for the description of alter- 
nate behaviors. Complex be- 
haviors can now be captured 
with a drag of the mouse, and 
classes and components can 
be dragged to a "swim lane" 
and automatically associated 
with it. 

Call Action nodes can be 
included in Activity Diagrams, 
for the visualization of calls to 
other operations, while other 
enhancements support the 
"code respect" features that 
maintain the structure of the 
code during modeling and 
reverse engineering. The Rhap- 
sody update also incorporates 
enhanced integration with 
Math Works Simulink. 
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Rhapsody 7.1 adds the ability to test apps through the code or model, 
letting developers fix bugs earlier, and at less expense, claims Telelogic. 



Telelogic SDL Suite 6.0 is 
the company's model-driven 
tool for specifying and design- 
ing systems using SDL, the 
Specification and Description 
Language developed by the 
International Telecommunica- 
tion Union's ITU-T standard- 
ization sector, the former 
CCITT 



The SDL Suite update 
includes UML integration, a 
new kernel architecture, and 
development host support for 
Red Hat Linux and Windows 
Vista. Japanese-language menus 
are enabled through Unicode, 
allowing globally distributed 
teams to work more closely 
than before. 



SDL Suite 6.0 allows devel- 
opers of next-generation com- 
munications protocols to cope 
with the ever-increasing bar- 
rage of data by supporting the 
use of thousands of instances 
and timers, and to trade off 
between performance opti- 
mization and resource conser- 
vation when necessary. 

The suite also includes fea- 
tures that allow developers to 
optimize for 2G and 3G envi- 
ronments while preparing for 
4G systems of the not-that-dis- 
tant future, and automation 
that accommodates the alleged 
improvements in call reliability 
and data throughput of modern 
wireless networks. 

When used together, Rhap- 
sody and SDL Suite can provide 
UML modeling for applications 
and SDL modeling for proto- 
cols in what the company calls a 
seamless process. Both the core 
Rhapsody 7.1 and the SDL 
Suite will be available in May, 
and Rhapsody for Telecom will 
ship at the same time. I 
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BY ALEX HANDY 



When the first version of Xelfi 
found its way into the hands 
of Java developers, the IDE 
was an immediate hit. Orig- 
inally designed to mimic Borland Soft- 
ware's Delphi rapid application develop- 
ment environment, the project eventually 
grew to become known as NetBeans. And 
while Sun Microsystems may not have ex- 
pected its 1999 acquisition to bloom into a 
worldwide development community, the 
company is now putting great force be- 
hind its flagship Java IDE. 

With the release of NetBeans 4, the 
project began its transition from gener- 
al-purpose IDE to open source enter- 
prise-quality development environment. 
Tim Boudreau, senior staff engineer and 
evangelist for NetBeans, has been work- 
ing on the IDE since its early days, and 
he marked version 4 as the turning point 
for the project. 

He said that the changes in version 4 
"made it appealing to a lot of developers 
who said, 1 want my IDE to work with 
what I've got, not do anything special.' " 

Dan Roberts, director of developer 
and Web 2.0 marketing at Sun, agreed 
with Boudreau. Roberts has also been 
on the NetBeans project since its early 
days, and he said that version 4.0 was the 
first edition that placed NetBeans on the 
level of its competition. 

"That was where things started to go in 
the right direction." said Roberts. "[Ver- 
sion] 4 wasn't as good as 5, and it won't be 
as good as 6, but it's where we started get- 



ting our credibility back." 

That credibility has allowed the Net- 
Beans team to advance its environment to 
become one of the preeminent develop- 
ment platforms for any language. With 
the release of version 5.0 and 5.5, Net- 
Beans has added dozens of time-saving 
tools, speed-inducing profilers and the 
Matisse GUI building system. 

The secret to all this innovation, said 
Roberts, is the fact that the NetBeans 
team is willing to analyze the ideas that 
it finds in other projects, and to improve 
upon them. 

Said Roberts: "Interestingly, as Net- 
Beans has evolved over the years, many of 
the features have been inspired by differ- 
ent tools. The visual Web pack was pri- 
marily inspired by what Microsoft was 
doing in its ability to rapidly build Web 
applications. We clearly believed they had 
an advantage in the Java space to build out 
Web applications quickly. Visual Studio 
has really tight integration with some of 
the other pieces in the system. For us, 
that's the most inspiring piece." 

But when considered in the context of 
other Java IDEs, NetBeans has one dis- 
tinct advantage, said Roberts. "We can 
talk about innovation, all those other 
sub-areas, but it's the out-of-the-box 
experience where you get one complete 
development environment that can cover 
ME, SE and EE Java development," said 
Roberts, pointing out what sets Net- 
Beans apart. "It was a core part of the 
NetBeans focus from day one since Tim 
and I were brought into Sun with the 



get- acquisition seven years ago.' 



NEVER A FULL ECLIPSE 

Boudreau and Roberts detailed the rea- 
sons behind NetBeans' more structured 
and simpler approach to IDE design. "If 
you had to think about the architecture of 
OpenOffice.org to write a document, that 
would be a bug. We want the user experi- 
ence to be very simple. You get the mobil- 
ity pack; you don't get the 8 million mod- 
ules. You get a plug-in, you drop it in, and 
it works," said Boudreau, referring to the 
sometimes difficult nature of installing 
Eclipse add-ons. 

Other Java IDEs are also on the Net- 
Beans team radar. In particular, 
Boudreau and Roberts talked about Jet- 
Brains' IntelliJ IDEA. "It's limited by the 
fact that the JetBrains team is a small 
group," said Roberts. "They can't lever- 
age some of the things we have, like the 
Java teams in-house. We can mention the 
way in which Matisse actually got 
designed with the collaborations between 
the NetBeans team and the Java team." 

Of course, because the NetBeans pro- 
ject is open source, Matisse has already 
been ported to the Eclipse platform. But 
that's just fine with Roberts. He said that 
the tool is so good for designing graphical 
user interfaces, his team is flattered to see 
it adopted by the competition. 

But getting here was not that easy, 
said Boudreau. Now that Java SE 6 has 
arrived, NetBeans is receiving another 
visual makeover, though it's one that 
required little change to the underlying 
code. Back in the days of version 3.6, 
said Boudreau, changes in the way Net- 
Beans looked had to be done by hand, 



within the IDE. When he rewrote the 
windowing system for version 3.6, 
Boudreau said the task was "like chang- 
ing the carburetor on a car while it's run- 
ning down the street without stopping." 

At the same time, the NetBeans team 
was reworking its build and change sys- 
tems to run on top of ANT, a move that 
they said made all the difference down 
the road. Boudreau said that, in the Net- 
Beans user community, "there was talk 
from some folks in Texas telling me about 
how they have to mail each other Eclipse 
project files via e-mail when things 
change. I'm really glad our change system 
is built on ANT." 

And those integrations with popular 
tools didn't end with ANT. Said 
Boudreau: "If I want to create a new 
Maven project, it has full integration with 
Maven. If I download a Maven project 
from the Web, I can just open it the same 
way we integrate with ANT for building. 
If I want to search for a particular file out 
there, [in the Maven repository] I can." 

"There had been a general issue with 
[keeping track of] libraries, which is the 
problem which Maven solves nicely," said 
Boudreau. "We're not going to reinvent 
Maven. But we're making it a little bit 
nicer for people who have a project that's 
shared and they might have a library on 
their drive somewhere." 

Integrations with SCM systems are 
also a major priority with the NetBeans 
team. Roberts said that the external 
groups are constantly building plug-ins for 
their repositories, and that the NetBeans 
continued on page 32 ► 
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team has an opportunity to build 
many new integrations them- 
selves. "The end of the version 
control opportunity is never real- 
ly there. There are so many 
SCMs. Subversion and CVS 
[are] a core part of NetBeans 
[and] have been for some time. 
As you get into the myriad ver- 
sions of commercial ones, one of 
the exciting things about the 
market share gains NetBeans has 
had is a lot of those projects are 
building in support themselves. 
We're not building from scratch 
like we were two years ago. Now 




we've got the Subversion team 
working with us directly." 

SIXTH TIME'S A CHARM 

All of this work has led up to the 
forthcoming NetBeans 6.0 re- 
lease. Roberts said that the new 
version should be unveiled at 
JavaOne this summer, but he 
added that the final version 
won't be ready until the fall. 

Among the new features 
and changes in NetBeans 6, the 
most prominent is the expan- 
sion of the IDE to include 
many other languages. That 
means developers will be able 
to code Ruby, Python, C, C+ + 
and Java in NetBeans. The 
team is also adding facilities to 
make it easier for third-party 
developers to add support for 
other languages to the IDE. 
These facilities include meth- 
ods for describing white space 
needs, indentation, color-coded 
code and syntax highlighting. 

"We're going very much 
after the scripting market," said 
Roberts. "New developers are 
coming out of college and high 
school even. These folks are 



learning scripting languages as 
their first languages. It's impor- 
tant to get to them early." 

But the popularity of script- 
ing languages isn't the only ben- 
efit to NetBeans' adding sup- 
port to its platform. The new 
efforts at Sun to implement 
many scripting languages in 
Java adds new worlds of possi- 
bilities to scripted applications. 

"We hired the JRuby guys," 
said Roberts. "The thing that's 
cool about JRuby is that there 
are all these Java libraries out 
there you can now access in 
Ruby. Like a library for diff'ing 
lists. If I were writing something 
in Ruby, that's handy to do, [but] 
do I really want to rewrite that in 
Ruby? I'm sure Rails advocates 
might disagree with me. The way 
I see it is the stuff where if it goes 
wrong, the airplane crashes — I'd 
want to write that in a strongly 
typed language. The other stuff, 
like snippets of HTML, the froth 
on top of the back end, where it's 
something that's going to change 
rapidly — that's something you 
want a scripting language for. 
What's the right tool for the job 



in these common tasks? Five or 
seven years ago, when the Web 
was young, nobody knew what 
the things you needed to do 
repeatedly were. We're finally 
maturing in terms of what tools 
are appropriate for what things." 

But while the move to sup- 
port scripting languages and oth- 
er mainstream languages in the 
IDE is a major shift for the Net- 
Beans team, it's not the most 
powerful change for version 6.0. 

That title falls to the newly 
rewritten core editor. "The other 
major piece is a complete over- 
haul of the core editor itself," said 
Roberts. "You have the ability to 
use a completely new editor. For 
NetBeans, the editor has been 
something of a work-in-progress 
for some time. This is really 
where we believe we'll be mov- 
ing past IntelliJ and Eclipse." 

It's still evolving, of course. 
"Not all of the refactorings are 
implemented over the Java 
infrastructure yet. We will have 
the full suite of refactorings 
when 6.0 comes out in the 
fall. This was a collaboration 
between the NetBeans team 



and the Java team." 

Those should help to narrow 
the gap between NetBeans and 
its competition. Roberts said 
that the combination of new 
refactorings and a faster core 
editor should make NetBeans 
the top dog. But it's the support 
for the improvements in Java SE 
6 that will help to make Net- 
Beans stand out, said Roberts. 

Boudreau used a sample 
application to demonstrate the 
power of the new profiling fea- 
tures in NetBeans. "I created 
the generic code-name genera- 
tor. When I first pasted the text 
into the generator, the whole 
application froze for a second. 
That's a place I'd like to profile. 
The first thing you notice is that 
we're starting up and the win- 
dow is still not on the screen. 
It's slowing down the whole vir- 
tual machine," said Boudreau, 
showing off the application. 

"Traditional profiling has two 
problems," said Boudreau. 
"One, it slows everything down. 
Two, it doesn't give you the 
information you're actually after. 
continued on page 33^ 
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Generally, you don't want to 
profile the whole application — 
only one part. NetBeans Profiler 
can specify a single method to 
check. You can save the snap- 
shot. You can do optimizations 
and compare the snapshots." 

As if optimizing applications 
were not enough, Boudreau 
went on to demonstrate more 
features of NetBeans 6.0. One of 
those is the ability to rapidly gen- 
erate and test a Web service. 
Boudreau demonstrated how to 
do this using his code-name gen- 
erator application again. "You 
take the code that analyzes text 
and generate a Java EE applica- 
tion. It auto-generates a new 
application that's built with ANT. 
We can add a session bean. And 
it automatically generates a page 
for testing Web services." 

That automatically generated 
test page included the text box 
for inputting seed text, and auto- 
matically output the code name 
generated. Boudreau then took 
the same program through Net- 
Beans' automatic Java ME gen- 
eration facilities. Here, he 
demonstrated the ability to auto- 
matically create the various 
screens of information needed in 
a mobile Java application. 

PART OF SOLARIS STRATEGY 

Roberts also sees NetBeans as a 
key component of the new 
Solaris strategy at Sun. 

"Unix workstations, as a mar- 
ket, has really gone away," said 
Roberts. "We still have a really 
good business around worksta- 
tions and Sun Ray. It used to be, 
when you walked into a scien- 
tist's office, there was a Solaris 
workstation there. That's what 
computer scientists did. That's 
changed because the way in 
which we used computers 
changed. Look at the way in 
which the professional worksta- 
tion became the primary inter- 
face for the second world you 
live in. That change that has 
occurred, the sociological im- 
pact has created pressure for a 
single type system. [It created] a 
natural monopoly and the con- 
sumer culture [that] Microsoft 
was able to capture. [It] drove all 
that innovation through one 
interface type." 

Roberts said that the need for 
MP3 players, movie players, sup- 
port for desktop tasks and 
PowerPoint all contributed to 
the decline of the workstation. 



But that may change soon, said 
Roberts, as Sun refocuses its 
Solaris efforts to include a new 
distribution aimed directly at de- 
velopers. Solaris Express, Devel- 
oper Edition, is an all-in-one 



development workstation-target- 
ed operating system. Of course, 
it has all those other things de- 
velopers need to get work done, 
such as music players and e-mail 
programs, but it also includes a 



full working version of NetBeans 
that is installed by default. 

With so many new features 
arriving on the NetBeans plat- 
form this fall, it's hard to ignore 
the simplicity and time savings 



offered by the IDE. And with 
support for Java SE 6 bringing 
speed, optimizations and a faster 
JVM to NetBeans, it looks like 
the sprouts of Xelfi are finally 
growing into trees. I . | 
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FROM THE EDITORS 

Web 2.0 
Changes Everything 

The Web, as we know it, is dead. Long live Web 2.0 — a next-genera- 
tion platform for rich applications, mashups and more. With the first 
version of the Web, with its fairly static HTML content and dynamically 
generated pages, the difference between a Web application and a local 
or client/server application was clear. With Web 2.0, the lines are becom- 
ing more blurred every day. This inexorable trend is good for the enter- 
prise, good for consumers and good for developers. However, it would be 
a mistake to think of Web 2.0 as simply an outgrowth of AJAX or Ruby 
on Rails. This is a new paradigm, and enterprise developers and software 
companies must adapt to the new reality. 

As you can read in this issue s cover story "When Software Technolo- 
gies Collide," our IT departments are seeing both opportunities and 
challenges. Software as a service, service-oriented architectures and Web 
2.0 applications break down the classic barriers between silos. The dis- 
tinction between intranet, extranet and Internet is disappearing. 

Our customers (internal and external) expect us to leverage SaaS, SOA 
and Web 2.0 to improve the quality of enterprise and commercial software, 
while simultaneously reducing its development and maintenance costs. 
Paradoxically, our customers also expect that security will not only be pre- 
served, but also enhanced, and that development cycles will be shorter. 

Can we deliver on those expectations? Yes. But this will require a rad- 
ical change in our approaches to the whole life cycle, from requirements 
gathering to architecture, from coding to testing to deployment. For 
many organizations, agile methodologies may seem like the silver bullet, 
because those methodologies are better at responding to constantly 
changing requirements. However, we should not be lulled into believing 
that formal requirements are no longer required, or that we can exist in a 
world of permanent beta releases. 

Enterprise and commercial software development for the rest of this 
decade, and beyond, is a whole new ball game, and the rules are still being 
written. 

Turning Professional 

We've heard the lamentations from both sides for years now: "Busi- 
ness people just don't understand the technology side," IT man- 
agers cry; "Why can't my IT department write software that does what I 
need it to do," business-side employees wail. 

Software companies continue to come up with ways to bridge the 
gap — requirements tools that understand plain English, pairing business 
executives with developers during the programming phase. 

And now, Carnegie Mellon University West is offering a Masters of 
Software Management program designed to create the next generation 
of business executives who can understand the company's needs and 
apply them to software development. It is said to be one of the first of its 
kind in the world. Classes are available only to people already working as 
software engineers. But there's the rub. 

Many developers don't approach software development as an engi- 
neering discipline. They see it as an art — equating their struggles to 
deliver the perfect algorithm with the inner pain of a Jackson Pollack or 
Sylvia Plath. But as Steve McConnell points out in his seminal 1999 
book, "After the Gold Rush: Creating a True Profession of Software 
Engineering," engineering provides the framework for implementing the 
moments of inspiration. Without a solid engineering foundation, the 
flashes of brilliance could never be captured in a practical way. 

As the costs associated with software failure rise, a program such as 
Carnegie Mellon's seems like a bargain. We can get behind any effort 
that raises the level of professionalism in the industry, and that helps soft- 
ware teams deliver software that not only works, but does what the busi- 
ness needs it to. I 



The Trustworthiness Framework 



At a recent Department of Homeland 
Security workshop on software 
assurance, most of the practitioners in 
attendance equated software assurance 
with automated software testing. One 
might wonder, what does automated soft- 
ware testing have to do with software 
assurance? 

In order to achieve software trustwor- 
thiness in the limited amount 
of time that's generally allowed 
to produce software, a com- 
bined effort of automated soft- 
ware testing and security test- 
ing is required: The Software 
Trustworthiness Framework 
(STF) is needed. 

Daily we are bombarded by 
media alerts of new security 
breaches; the latest example was 
UCLA having to alert 800,000 
people to a data breach. 

Josh Bloch, chief Java architect at 
Google, said in a recent statement, 
"Regardless of how talented and meticu- 
lous a developer is, bugs and security vul- 
nerabilities will be found in any body of 
code — open source or commercial. Giv- 
en this [inevitability], it's critical that all 
developers take the time and measures to 
find and fix these errors." 

Developers, however, are strapped 
cranking out new features while trying to 
meet often unreasonable deadlines. 
First-to-market is key; beating the com- 
petition is the goal. Given this dilemma, 
where software developers alone cannot 
be responsible for software assurance, we 
need to look to other resources to help us 
win the software trustworthiness battle. 
Who is better suited to help a developer 
conduct security testing than the software 
testing groups already in place? 

In the traditional software develop- 
ment life cycle, software trustworthi- 
ness is often an afterthought, and secu- 
rity and testing efforts are delayed until 
after the software has been developed. 
Meeting deadlines is key, at all costs, 
including that of trustworthiness, yet 
vulnerabilities are an emergent proper- 
ty of software that appear throughout 
the design and implementation cycles. 

WHERE THE FRAMEWORK FITS IN 

Currently, much of the security testing 
that is done after the software has been 
implemented, such as paying an external 
party to perform security testing, is just a 
Band-Aid solution. It is tempting for 
security testing teams to focus purely on 
the mechanics of testing the security of a 
software application and pay little atten- 
tion to the surrounding tasks required of 
a secure software development life cycle, 
such as automated software testing. This 
is where the STF comes into play. 

The most effective software trustwor- 
thiness programs start at the beginning of 
a project, long before any program code 
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has been written. An effective security 
process is one that is used throughout the 
development life cycle and one that 
employs automated testing technologies. 
The Automated Testing Lifecycle 
Methodology (ATLM) described in my 
book "Automated Software Testing" is a 
structured methodology, supports the 
successful implementation of automating 
testing, has been implement- 
ed by companies throughout 
the world, and is recommend- 
ed by various tool vendors. 
The ATLM approach is con- 
sistent with rapid application 
development efforts, in- 
cluding engaging the user ear- 
ly in the development cycle. 

A structured methodology 
has emerged to support the 
successful implementation 
of secure and trustworthy software. In the 
Secure Software Development Lifecycle 
(SSDL), security issues are evaluated and 
addressed early in the system's life cycle, 
during business analysis, throughout the 
requirements phase, and during design 
and development. This early involvement 
lets the security team provide a quality 
review of the security requirements spec- 
ification, attack use cases and software 
design. The team also will more com- 
pletely understand business needs and 
requirements and their associated risks. 
Finally, the team can design and architect 
the most appropriate system environment 
to generate a more secure design. 

Amalgamating the ATLM with the 
SSDL combines automated software test- 
ing with software security testing into the 
Software Trustworthiness Framework. 
The ATLM has six primary processes: 

• Decision to automate testing 

• Test tool acquisition 

• Automated testing introduction 
process 

• Test planning, design and development 

• Test execution and management 

• Test program review and assessment 
The SSDL has six primary processes 

that are intertwined with the ATLM: 

• Security guidelines, rules, regula- 
tions and oversight 

• Security requirements and attack 
use cases 

• Architectural and design reviews/ 
threat modeling 

• Secure coding guidelines 

• Black/gray/white box testing 

• Determining exploitability 
Implementing the SFT will allow for 

repeatable and consistent verification of 
new releases and software patches. It will 
evaluate the trustworthiness from an end- 
to-end system perspective, and will verify 
that the integration of components yields 
a trustable system. I 

Elfriede Dustin is a software testing and 
QA consultant. 
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WHEN APPLE TV SHIPPED last 
month, the reviews came pouring in. 
Consensus is often very telling, and the 
consensus is that Apple did not initiate 
an iPod-like revolution in home enter- 
tainment. Let me give you a one-word 
explanation: flexibility. iPod's design 
enabled an entire ecosystem of devices 
to build up around 
it, such as digital 
voice recording and 
terrestrial radio — 

tuners. Apple TV 
lacks a built-in TV 
tuner that would 

nourish the development of a TV-centric 
ecosystem. Online forums are abuzz 
with posts about how it has no DVR 
capabilities and cannot be used to watch 
TV. Apple TV, with iTunes, only does 
what software including Windows Media 
Center Extender has already been doing. 
A post to the AppleNova forum, an 
Apple enthusiast site, questioned why it 
was necessary to buy one when game 
consoles, like Xbox, already did the same 
thing. Will Apple out-innovate Micro- 
soft, Sony and other hardware vendors 



and gain a foothold in the living room? 
Or could it simply become a case of 
Apple persevering because of its 
momentum? Apple, be warned: Momen- 
tum can quickly turn into inertia. 

— David Worthington 

WITH OODLES OF CONFERENCES, 

talks and seminars coming up this spring, 
it's highly likely that you'll soon find 
yourself on a plane. And it is air travel 
that remains the single loose gear in the 
massive mechanism that is forming 
around on-demand applications. This 
past month, I showed our edit team 
Basecamp.com, a site that allows for wiki 
functionality, geared toward collaborative 
document development. Unfortunately, 
no sooner had I mentioned that this 
would be a great place to collectively edit 
our articles, than someone mentioned 
that this practice would remove one's 
ability to write and work while flying. 
Naturally, I had to give up my exuberant 
evangelism. It's one thing when beneficial 
technology is rendered impotent by lack 
of enthusiasm in the users. It's entirely 
another when a whole industry has con- 



spired against its use. And since we won't 
likely be seeing ubiquitous electricity and 
Ethernet in our coach-class seats anytime 
soon, the SaaS-ifying of the business 
world may just have to wait. 

— Alex Handy 

I'VE BEEN VISITING COLLEGES 

recently with my oldest daughter, who's 
a junior in high school, and have been 
struck by the impact of computers on 
their lives. Kids now add "Is there free 
wireless Internet available?" to the more 
mundane questions about dining hall 
food and the size of freshman lecture 
classes. Most of the dormitory rooms we 
were taken into did not have wireless; 
instead we saw wired Ethernet ports (I 
can't imagine the bandwidth issues that 
arise when an entire dorm full of kids 
tries to gain access — and complete 
downloads — at the same time. The col- 
leges did have a few common areas with 
wireless connectivity, but they seemed 
small and spread out across the campus. 
Also, many of the colleges have their 
own networks for the "facebook" social 
network. I guess that's so students can 
"poke" each other about upcoming 
exams — or where the next mixer is. 

— David Rubinstein 



LETTERS TO THE EDITOR 

A Prototype Query 



As to your article "A Prototype for Brows- 
er Compatibility" [April 15, page 1], I 
believe JQuery is far better than Proto- 
type in features and ease of use and has a 
huge community behind it. John Resig, 
the main developer, works for the 
Mozilla Foundation. Check out these 
sites: jquery.com and ejohn.org. Thanks. 
Mladen Mihajlovic 



WHERE'S APPFORGE? 

I am a developer and have a client run- 
ning a Crossfire solution on Symbol 
equipment. I am looking for someone 
who could share information on the cur- 
rent situation at AppForge Inc. 

I understand they have closed their 
business, effective about March 14, 2007. 
Do you know if they will be re-opening, 



North America Largest 
BPMS Market, for Now 
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Analysts at Gartner's March BPM Summit in London indicated that this year's global mar- 
ket for Business Process Management (BPM) suites will exceed US$1 billion, and will be 
one of the fastest-growing markets through 2011. The firm estimates that growth in the 
BPM market will peak in 2008 in most markets; currently, North America and Western 
Europe represent the largest regional markets, but the Asia/Pacific region is expected to 
show more accelerated growth over the next two years. 



either as a reincarnation or after being 
sold? Do you know if there are any 
arrangements being made for renewing 
client licenses, maintenance, etc.? Do 
you have any information at all about 
their current and future status? 

Tim Rice 

Editors note: AppForge has been 
acquired by Oracle, according to an 
Oracle spokesperson. The spokesperson 
said that details about the transaction 
were to be found on the Oracle Web site, 
but as of press time they had not 
appeared. No information about client 
licenses or maintenance could be ascer- 
tained, and none of the AppForge prin- 
cipals could be reached for comment. 

COMMENTARY ON JAVA 

I miss Allen Holub's wit and insight, 
especially on the Java front, which is 
most relevant to my work as a defense 
contractor. I wonder if dropping his col- 
umn is "itself an interesting comment on 
the state of Java." 

Kelly Mulheren 

Editors note: Allen Holub wrote the 
JavaWatch column for this newspaper 
until October 2006. 

WHAT DO YOU THINK? 

Letters to SD Times should include the 
writer's name, company affiliation and con- 
tact information. Letters become the proper- 
ty of BZ Media and may be edited. Send to 
feedback@bzmedia.com. 

CORRECTION 

WindowZones is a least-privilege securi- 
ty program from Xeriton s ByteCrusher 
Labs. Its name was incorrect in a story in 
the April 1 issue on Microsoft UAC. 
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Mufti-Platform User Experience 



NetAdvantage 



Empower your passion for creating great user interfaces with NetAdvantage 



Empower Your Users - Deliver highly productive, feature rich user 
interfaces to your customers 

Leverage Reusable Architectures - Standardize your development 
process with consistent frameworks and tooling (source code included) 

Insure Consistent Look & Feel - Use Application Styling™ to brand 
applications across the enterprise (professionally designed style packs 
included) 

Access Global Support - Interact with teams in London, New York, Tokyo, 
and Bangalore 

Maximize Your Results - Utilize comprehensive mentoring, training and 
consulting services 



Infragistics 

Powering The Presentation Layer 



learn more: infragistics.com 

Infragistics Sales - 800 231 8588 

Infragistics Europe Sales - +44 (0) 800 298 9055 



Your enterprise partner for user interface development 




NetAdvantage® for asp.net 
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Off-the-Shelf Education 



I normally leave my summer reading col- 
umn until June, but between global 
warming and some exceptional offerings 
from the publishing companies, the time 
seems ripe to suggest some books to 
accompany you to the beach. In the inter- 
est of full disclosure, I should state that 
I'm friends with several of the authors 
whose works I'm recommending. 

I've already written in this column 
about my favorite book of last year, 
"Refactoring Databases" by Scott 
Ambler and Pramod Sadlage. Along with 
Ambler's "Agile Database Techniques," 
this book brings database development 
into the change-embracing, unit-tested 
21st century. 

Manipulating relational databases 
stands in complex relationship to manip- 
ulating text-based source code and "reg- 
ular" software development. On the one 
hand, relational theory is a vastly more 
stable foundation than mainstream pro- 
gramming paradigms; even the most 
recalcitrant corporations understand the 
value of their data stores; and database 
servers are tremendously sophisticated 
tools. On the other hand, programming 
databases, whether manipulating data or 
table structures, is rarely treated with the 
same kind of respect that we give to com- 
piled code; there's often an assumption 
that the database will somehow be triv- 
ially derived to suit the needs of the "real 



code," or perhaps, that a tyrannical DBA 
is forcing compromises on an otherwise 
pristine design. 

In truth, databases in the real world 
scream for refactoring and unit-testing, 
and either slavish devotion to or callous 
disregard for existing database structure 
is among the most common mistakes I 
see. (Just this morning, I 
spent an hour and three-quar- 
ters in a design meeting that 
centered around this very 
problem.) These two books 
plainly and simply saved my 
butt in a big project last year, 
and I think it's a rare book- 
shelf where they won't find a 
permanent spot. 

Whatever book you may 
have used previously for "the f 
one book about OOA&D to have 
you're having only one," you may well 
want to retire it in favor of "Head-First 
Object-Oriented Analysis & Design" by 
Brett McLaughlin, Gary Pollice and 
David West. I've not been the biggest 
fan of the "Head-First" series. The 
graphically busy design of these texts 
and their multimodal approaches to 
learning are definitely in keeping with 
modern pedagogy, but I'm not at all con- 
vinced that this is necessarily the best 
way to learn, for instance, a program- 
ming language. 
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OOA&D, though, with its high con- 
cept count, communication demands and 
specialized jargon, is excellently suited 
for the approach. Even more important, 
the book does a good job of covering the 
broad array of subjects in play in modern 
OOA&D, including such things as the 
current emphasis on iterative develop- 
ment and testing and their 
influence on analysis and 
design. 

The book is light on 
UML — perhaps too light. You 
don't have to work for IBM 
Rational to like Activity Dia- 
grams, for instance. But pair 
"Head-First OOA&D" with 
Martin Fowler's still-unsur- 
passed "UML Distilled," and 
you've got 90 percent of what 
you need to do OOA&D. The other 90 
percent of what you need is experience. 
(And if you haven't yet experienced a 
software development project that's con- 
sumed 180 percent of effort. . .) 

Charles Petzold's work is always note- 
worthy. Last year brought "Applications 
= Code + Markup," which is the best 
tutorial on Windows Presentation Foun- 
dation I've seen. This summer we can 
look forward to a book by Petzold on 3D 
programming for WPF, but I want to 
recommend his book "Code: The Hid- 
den Language of Computer Hardware 



Larry 
Q'Brfen 



and Software," which came out in 2000. 
"Code" is a technical history of comput- 
ers, touching on mechanical predeces- 
sors (abaci, Napier's bones, Babbage's 
works) but focusing primarily on what 
we've done so far by combining Boolean 
logic, information theory and electronics. 

Code is, by popular standards, techni- 
cal (it doesn't have pictures of trains car- 
rying Is and 0s), but if you want some 
fiber in your diet, pair it with "Inside the 
Machine" by Jon Stokes. Subtitled "An 
illustrated introduction to microproces- 
sors and computer architecture," this is a 
handsome text that gets to the nitty-grit- 
ty of branch prediction, cache architec- 
ture and vector execution. As is 
inevitable with a book this close to the 
metal, it's already a tad outdated, ending 
with some too-brief words on the Intel 
Core 2 Duo. 

If your eyes are too tired to read, I 
highly recommend the audiobook ver- 
sion of John Hodgman's "The Areas of 
My Expertise," which he labels "an 
almanac of complete world knowledge" 
Not a lot of developer-specific stuff, but 
Hodgman is the guy who plays the PC in 
those Macintosh ads, and he's accompa- 
nied on guitar by Jonathan Coulton, 
composer of the anthem "Code Mon- 
key," and the obsessive list-making 
nature of the endeavor makes it clear: 
He's a member of our tribe. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 



A T in Programming 



The Tiobe.com Web site tracks the 
interest and activity in more than 
150 programming languages. It not 
only keeps track of the relative stand- 
ings of all these languages, it also shows 
the comparative growth or decline of 
the top languages year over year, as 
well as month-to-month changes. It's a 
fascinating site to check on an occa- 
sional basis. 

Some recent trends are actively 
reflected in the posted numbers. For 
example, we see Ruby's skyrocketing 
advance: It jumped from 21st place to 
10th in the most recent 12 months. It is 
the only new entrant into the top 
10 during that period (the language 
that fell out of the top 10 to make room 
for it was Delphi, which fell to 12th 
place.) JavaScript, on the basis of its 
use in AJAX, has also risen nicely from 
10th to 8th. 

In general, the top few places show 
comparatively little change. Like last 
year, the first six positions are, in order: 
Java, C, (then a big drop), C++, PHP, 
Visual Basic and Perl. 

One language that has surged into 
14th place (up a full six places and now 
ahead of Pascal, Fortran, Ada and 
COBOL) is one I suspect most readers 
have never heard of: D. 



Available at no cost (www.digitalmars 
.com/d), D is the brainchild of Walter 
Bright, the same fellow who wrote the 
Datalight C compiler, the Zortech C+ + 
compiler, and Symantec's Visual Cafe 
Java compiler — all of which were 
regarded as very fast products in their 
day. As the Digital Mars Web site states 
the D language combines the 
high performance of C/C + + 
with the productivity features 
of Ruby and Python. This is a 
fair description. 

The syntax is reminiscent 
of C + + and Java and, like 
those languages, it's object- 
oriented and statically typed. 
If you want to use D without 
exploring its many interest- 
ing features, you could view 
it as C++ with garbage collection. But 
such an approach disregards some 
impressive capabilities. These include 
strings as first-class objects, resizable 
arrays, functions that fall somewhere 
between C#'s delegates and Ruby's clo- 
sures, string-based switches, inter- 
faces, templates, nested and inner 
classes, support for all C99 data types, 
and a default 80-bit floating point. It 
also has syntactical sugar for for-loops 
and other constructs. 



Integration Watch 




As I've discussed several times in the 
past, a substantial portion of the value of a 
language is in its libraries. D has a good set 
of these libraries, but it has the distinct 
benefit of being able to link to native 
libraries written using C and Pascal para- 
meter conventions. Versions are currently 
available on Linux, Mac OS and Windows. 
Because it was written by a 
code-performance freak, it 
compiles to native code that 
runs screamingly fast. The 
benchmark suite at Debian.org 
(shootout.alioth.debian.org 
/gp4) shows that after C and 
C++, D is the fastest language 
around. That's fast! 

There are actually two ver- 
sions of the D compiler and 
linker. One from Digital Mars, 
of which most parts are open source. The 
second is a D front end to GCC (at 
sourceforge.net/projects/dgcc). Many pro- 
jects are under way to create native ports 
to D of existing libraries, including an 
ambitious project to port open source Java 
libraries. Of these, the port of the SWT 
library (used for graphics by Eclipse) is 
substantially complete. 

The mailing lists and community are 
active, and Bright frequently partici- 
pates in discussion and problem resolu- 



tion. Most of the members of the com- 
munity see D as a vastly improved C+ + 
and occasionally as a faster Java. What is 
inspiring is how D has managed to pull 
itself up to 14th place in the Tiobe rank- 
ings without having any of the usual 
accoutrements of language success: 
There is no killer application, no book by 
the Pragmatic Programmers nor from 
any leading publisher, and it's not the 
default language of any known applica- 
tion or community that can drive it. 
Rather, D has simply grown steadily by 
word of mouth over the past five years 
due to the need developers have for the 
speed of low-level languages with 
garbage collection and intelligent high- 
level features. 

In many ways, D has the feel that the 
Ruby community had before the advent 
of Ruby on Rails catapulted the lan- 
guage onto everyone's radar screen: It's a 
language that's been well thought out 
and that makes programming a pleasure. 
Its big advantage over Ruby, however, is 
performance. So the next time you need 
to drop into C or C + + coding, and you 
suddenly get the feeling that there has to 
be a better way to get the work done 
quickly, take a stab at D. You'll like what 
you find. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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You're Speaking My Language 



Industry Watch 
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I think I woke Ami Cohen from a sleep 
when I called him in mid- April to dis- 
cuss an idea he has for giving machines 
the ability understand vocal cues at a 
high level. 

If I did wake him, Cohen is one of 
those people who doesn't take a long 
time to clear his mind and regain his 
bearings — he was off on a 90-minute 
monologue that careened in a 
number of directions within 
seconds of exchanging greet- 
ings with me. 

Let me back up a bit. 
Cohen reached out to me last 
month to talk with him about 
his ideas for an EchoLogical 
Machine, which executes 
business process manage- 
ment for distributed manu- 
facturing by robots. An 
Israeli by birth, Cohen has 
British Columbia since 1966. 
he has a background in marine engi- 
neering, and has worked in real estate 
and other businesses before commit- 
ting to his flying sailboat project. (The 
boat doesn't actually "fly" — it rises up 
to ride on top of the water, leaving no 
wake.) 

He has a vision for In-Cell Nomadic 
Intelligent Manufacturing and Man- 
agement Factories, which will include 
the robots for forming the Rigid- Hulls 
necessary for the flying boat project, 
and ultimately becoming part of his 
FlexibleFINS project, as the fins attach 
to the hulls of his boats. For this kind of 
work, Cohen sees the need "to have a 
machine I can talk to like I'm talking to 
you," he said. 

At this point in our conversation, 
Cohen started talking about upgrading 
natural languages, the creation of 



lived in 
He says 



bih, beh. 



USCIIIIII (which we'll get into in 
more detail later on), and teaching 
machines elements of speech. 

All of this is in his head for now. The 
concepts are quite interesting, to say 
the least, and Cohen is looking for part- 
ners to help him build out the ideas. 
Read on, and let me know what you 
think of Cohen's efforts. 

"Machines need to recog- 
nize more than identity," he 
said. "Speech is not a 
monotone thing. Talking is 
like singing. The goal is to 
have a thinking and singing 
machine." 

Cohen sees a future in 
which we can teach machines 
all the ways to say the letter a, 
for example: a, aye, ay, ah; or 
b, which could be buh, bee, 
You can give it a true voice- 
print," he said. 

To do so, he's created something 
called the Universal Standard Code 
for Internationally Intelligent Inten- 
sively Interactive Information Inter- 
change (the aforementioned USCIIIIII). 
"This will be the operating font that 
can recognize multiple languages, to 
have accurate voiceprint recognition," 
Cohen claimed. 

Only with something like USCIIIIII 
can machines begin to share a culture 
with the human it is interfacing 
with, Cohen stated. The Echological 
Machine that Cohen has devised in 
his mind is the logic mechanism 
that describes how to instruct a 
machine in binary to understand 
speech. By adding super-vowels, or 
diacritics, to English, Cohen is creating 
an extra layer of instruction for the 
machine — the symbolic instruction 



code that has the logic about sen- 
tences, so the machine will know the 
difference between "Go to the bank 
and make a deposit" and "The river 
bank is muddy" and "The airplane is 
banking." 

Perhaps because of his Israeli 
upbringing, Cohen believes Hebrew 
can be the model for upgrading natur- 
al languages because Hebrew is a 
structured language that has a root sys- 
tem of single-letter words and double- 
letter words that are the root of all oth- 
er words. "In English, you have 
architect, and architecture, but then it 
goes off to build, building, then brick, 
bricklaying. They aren't true roots," 
Cohen said. 

Believing that this all can be done 
takes faith, and Cohen has no shortage 
of that. In fact, he says the Hebrew lan- 
guage is the true vocal signature of 
nature, where communications can be 
seen and heard by listening to all 
sounds around us at all times. "It is a 
language of God, for simple people," 
he says. 

Cohen speaks at 110 miles an hour, 
changing topics the way impatient 
drivers change lanes. Following him 
can be difficult. But it seems to me 
there are some very valid points in all 
that he says, and Cohen said he's look- 
ing for partners to help bring his 
visions to fruition. 

In an e-mail follow-up to our phone 
conversation, Cohen wrote he would 
like to open doors "to teams already 
advanced in the art of universal natural 
logic and languages' powers in automa- 
tion and for computing as well as 
remotely operated intelligent universal 
robotics." 

You've heard what Ami Cohen thinks. 
We want to hear what you think. I 

David Rubinstein is editor-in-chief of 
SD Times. 
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Oracle has acquired Hyperion, a business performance 
management (BPM) software vendor. It assumed majority 
ownership of Hyperion after it purchased 91.7 percent of all 
common stock outstanding through an initial cash tender 
offer of US$52 per share. The transaction was valued at 
approximately $3.3 billion. The remaining shares were 
accepted for payment during a subsequent offering period 
and were tendered at the same price as before. All remain- 
ing Hyperion shares were canceled and converted into the 
right to receive $52 per share under Delaware state law. 
Hyperion is now a wholly owned subsidiary of Oracle. Oracle 
CEO Larry Ellison said in a statement that the combination 
of Hyperion's BPM software and Oracle's Business Intelli- 
gence tools and analytic applications form an end-to-end 
performance management system . . . ILOG has acquired 
LogicTools, which makes supply chain planning applications, 
and will run it as a division of the company. The acquisition 
brings together a leading company in supply chain network 
design and inventory optimization with a leader in detailed 
scheduling solutions, to provide a broader range of supply 



chain applications to customers. LogicTools co-founder 
Edith Simchi-Levi will become vice president of operations 
for ILOG. Financial terms of the deal were not disclosed. 

EARNINGS: Oracle's 2007 Q3 GAAP earnings are in. Third 
quarter revenues were US$4.4 billion. After operating 
expenses, interest, depreciation and taxes, net income 
totaled $1.03 billion. Its operating expenses were relative to 
last year's, and the total earnings per share were 20 cents. 
In comparison with 2006, revenues grew 27 percent, and 
net income and earnings per share were, respectively, 35 
percent and 36 percent higher. Oracle reported that soft- 
ware revenues grew 25 percent to $3.5 billion followed by 
service revenues, which were up 36 percent to $916 million. 
Applications new license revenues accounted for most of 
the software sales growth, followed by database and mid- 
dleware new license revenues. Oracle CFO Safra Catz stated 
that revenue growth was across all product lines and geo- 
graphies. Oracle's cash and cash equivalents were more 
than $1 billion less than in Q3 2006. 1 
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IDUG North America 

San Jose 

INTERNATIONAL DB2 USERS GROUP 

conferences.idug.org 



May 6-10 



VSLive 


May 6-10 


Orlando, Fla. 




FAWCETTE TECHNICAL PUBLICATIONS 
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JavaOne 


May 8-11 


San Francisco 




SUN MICROSYSTEMS 




java.sun.com/javaone/sf 




WinHEC 


May 14-17 


Los Angeles 




MICROSOFT 




www.microsoft.com/whdc/winhec 




STAR EAST 


May 14-18 


Orlando, Fla. 




SOFTWARE QUALITY ENGINEERING 




www.sqe.com/stareast 




RailsConf 


May 17-20 


Portland, Ore. 
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Business Conference 

San Francisco 

IDG WORLD EXPO 
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May 22-23 



Six Sigma for Software 
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Boston 
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May 22-23 



Tech-Ed June 4-8 

Orlando, Fla. 

MICROSOFT 

www.microsoft.com/events/teched2007 
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Development Conference 
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For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Altova® MissionKit™ 2007 - Intelligent tools for XML developers and software architects. 



Gear up for 



t*A ALTOVA* 

missionkit ™ 2007 



Take off with the Altova MissionKit, and discover 
" e secret to savings on top software tools. 

Spied in the Altova MissionKit 2007 

• The world's leading XML development tools (XMLSpy, MapForce, StyleVision, etc.) 
• Plus application design, data management, and modeling options for software architects 



The Altova MissionKit 2007 bundles Altova's intelligent application development, data 
management, and modeling tools at 50% off their regular prices. Available in a variety of 
configurations tailored to the needs of software architects and XML developers, the Altova 



MissionKit delivers the highest functionality and best product value. Its your first-class ti< 



he power, speed, and simplicity of Altova s award-winning product line. Save a bur 
Download the Altova MissionKit 2007 today: www.altova.com 
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Ship Software OnTime! 

(watch the videos or download the free software ot oxosoft.com/sdtimes) 



Are You Enforcing Development Processes? 



^>:<»^n»ii 



OnTime 200 

bug backing • requffem&nh management • hefpdesk 

for agile, scrum artd extreme development teams 



